Ian Thiel (@ianthiel)'s Twitter Profile
Ian Thiel

@ianthiel

Human. Co-Founder @sublime_sec Formerly @AltoPharmacy @Optimizely @SpaceAngels

ID: 271445035

Link: http://ianthiel.io | Date: 24-03-2011 14:34:54

5,5K Tweet

2,2K Followers

2,2K Following

Colin (@colin_d_m)

Subway Builder is so fun it's distracting me from actually finishing the game. My most extensive save has 324 stations and 18 lines

sam scholten (@samkscholten)

Andrew Levy Hey Andrew, great catch. We’ve seen the same spike lately and just published a write-up breaking it down: 🔗 sublime.security/blog/living-of… TL;DR: Attackers are abusing Zoom’s trusted docs.zoom[.]us domain to host credential phishing pages. Because Zoom is often allowed through

Sublime Security (@sublime_sec)

AutoIT-based malware attacks are not slowing down. In a recent campaign, bad actors sent emails to German speakers that promised explicit videos, but delivered a malicious AutoIT loader. Learn about the attack and the evasions it used, like anti-analysis techniques and the

Sublime Security (@sublime_sec)

We’re increasingly seeing legit remote monitoring tools being repurposed as malware. In a recent attack, we saw a bad actor deliver 2 different RMMs in 1 payload – one with an interactive installer and the other silently in the background. Learn about this sneaky attack:

Josh Kamdjou (@jkamdjou)

last and final round of our annual drop begins. LV convention center, west hall, level 2 next to DC NEXTGEN 1230-230pm PT while supplies last 👨‍💻

Sublime Security (@sublime_sec)

🎰 Black Hat USA, BSides LV, and DEF CON 33 were an exciting time in Vegas. It was great seeing old friends and learning about new security practices, and it was interesting to see familiar patterns reemerge in new ways. Read about a few trends Sublime CISO Andrew Becherer

Sublime Security (@sublime_sec)

We’ve had tons of questions about how NLU 3.0 works. Our ML team shares the blueprint: multi-headed architecture + advanced synthetic training—and why it removes throttles and ceilings. Give it a read and drop your questions for the team: sublime.security/blog/technical…

Josh Kamdjou (@jkamdjou)

NLU 3.0 is a leap forward on multiple fronts.

1. Synthetic data augmentation with GenAI
2. Unified multi-head architecture for multi-task NLU
3. Modular heads for rapid expansion of NLU capabilities

what that means in practice: more resilient to GenAI-powered email attacks
Sublime Security (@sublime_sec)

Introducing email bomb protection from Sublime: a powerful solution for automatically detecting, remediating, and triaging email bombs. In these attacks, an adversary will send hundreds or thousands of emails at once to flood an inbox and obfuscate the malicious intent. Learn how

Sublime Security (@sublime_sec)

We recently saw an adversary use a bank's online "Request a Meeting" form to smuggle callback phishing language into a meeting confirmation email, which was sent automatically to a distribution list that relayed the attack to a large set of targets. Simple, effective, detected:

Sublime Security (@sublime_sec)

Detection teams are generally suspicious of AI security. That’s why Sublime’s ML team developed a rigorous 3-pillar framework for measuring the accuracy, robustness, and cost of LLM-written detections, so they don't just “look right,” they work. Read the blog & paper:

Sublime Security (@sublime_sec)

We've seen a rash of attacks imitating online invitations (Evite, Punchbowl, etc.) to deliver a variety of payloads via the RSVP button. Multiple types of credential phishing, multiple types of RMM malware, and we assume these attacks will keep evolving. Know how to stop it:

Sublime Security (@sublime_sec)

We’ve seen an increase in Google Careers phishing attacks. These attacks show a range of variation in target languages, attack domains, delivery techniques, HTML formatting evasions, as well as C2 code iteration indicating ongoing attack evolution. Learn about the attacks:

Sublime Security (@sublime_sec)

We recently detected an influx of fake Social Media Manager recruitment emails impersonating a variety of well-known brands (Red Bull, Tesla, KFC, etc.). Each message led to a malicious, spoofed Glassdoor page that harvested Facebook credentials. Learn how we detect these
