Sublime Security (@sublime_sec)'s Twitter Profile
Sublime Security

@sublime_sec

Sublime Security is the adaptive, AI-powered cloud email security platform that combines best-in-class effectiveness with unprecedented visibility and control.

ID: 1008489013295091718

https://sublime.security | 17-06-2018 23:18:12

315 Tweet

2,2K Followers

21 Following

We are frequently seeing new services being abused in Living Off Trusted Sites (LOTS) attacks. In a recent attack, a bad actor tried to evade detection by putting a malicious payload in a linked Figma file delivered from a compromised vendor account. Learn about the attack:

We’ve seen an increase in attackers delivering ScreenConnect as a malicious payload. Often, it was delivered via a linked Canva file with the payload disguised as a legitimate PDF download. These attacks are multi-layered and designed to evade security controls. Learn more:

Our ML team built an agentic AI analyst capable of performing almost all of the same tasks as a human email security analyst. We introduced ASA a few weeks back, now we want to give you a peek under the hood. Learn about our approach to building our Autonomous Security Analyst:

ClickFix attacks have been on the rise and now we’re seeing it used to deliver DCRat malware. Learn about this attack that uses JavaScript to silently copy a malicious command to a target’s clipboard and then provides fake “verification” steps to run the command:

Big news: Sublime Security was named a Rising in Cyber 2025 honoree by Notable Capital! Recognized at the NYSE 🏛 and voted on by nearly 150 CISOs & security leaders. Proud to be building the future of email security with precision + transparency. 🔗notablecap.com/risingincyber

Big thank you to TechAnnouncer for including Sublime in their list of 5 cybersecurity startups “blowing up right now.” We’re rethinking how defenders detect and respond to email threats—with a modular platform built for openness, customization, and control. Read more:

We’re honored to be named to @redpoint’s 2025 #InfraRed100, spotlighting the most transformative infrastructure companies! Big thanks to the team at Redpoint congrats to our fellow innovators.  → redpoint.com/infrared/repor…

We’ve been seeing lapsed legitimate domains get purchased by bad actors and used to evade detection. In a recent attack, a domain that once belonged to a law firm was used to deliver a credential phishing payload that featured multiple evasion detection techniques. Learn more:

At Sublime, we don’t just build powerful detection tools 📷 — we empower the community to use them. Over the years, our users have created, tested, and contributed some incredible custom rules to our Core Feed. Today, we’re spotlighting a few standouts from the Sublime Community

In Q1 2025, our research data showed X (formerly Twitter) to be the third-most abused service for email attacks. Learn about a recent credential phishing attack in which a bad actor used the X link shortener (t[.]co) to try to hide a malicious URL: sublime.security/blog/using-the…

Zoom is the latest trusted service bad actors are exploiting to deliver malicious messages. In this recent attack, Zoom Events and Zoom Docs are used to deliver an adversary in the middle (AITM) credential phishing payload with a fake Microsoft login page: sublime.security/blog/living-of…

Attacks using Zoom Docs to impersonate brands are on the rise. We recently detected a credential phishing attack targeting Xfinity accounts that used Zoom Docs to impersonate Xfinity branding. Learn about the attack and its detection signals: sublime.security/blog/phishing-…

🎯 Detecting Scattered Spider: Tactics, Techniques, and Email Defense Strategies

We're hosting a webinar to examine Scattered Spider's evolving TTPs, with particular focus on email-centric attacks.

July 31 @ 12pm ET / 9am PT

Register here: sublime.security/events/webinar…

AutoIT-based malware attacks are not slowing down. In a recent campaign, bad actors sent emails to German speakers that promised explicit videos, but delivered a malicious AutoIT loader. Learn about the attack and the evasions it used, like anti-analysis techniques and the
