Sublime Security

@sublime_sec

Followers: 2K | Following: 520 | Statuses: 292

Sublime Security is the adaptive, AI-powered cloud email security platform that combines best-in-class effectiveness with unprecedented visibility and control.

Joined June 2018
@sublime_sec
Sublime Security
2 months
We’re thrilled to announce our $60M series B to build the new standard for email security! ✉️ 🚀 Thank you to our customers, community, partners, and investors for trusting us. We could not be more excited to build the future of email security with you. Founder & CEO @jkamdjou shares his thoughts on how we got here and where we’re headed next:
@sublime_sec
Sublime Security
13 days
Bad actors will use 2FA as part of their phishing attacks to collect authentication tokens as well as login credentials. See how they do it in this recent Charles Schwab credential theft attempt:
@sublime_sec
Sublime Security
15 days
Mass volume email attack campaigns are often customized to the recipient to increase legitimacy. We recently improved our campaign grouping algorithm to be better at identifying similar messages in a campaign to cut review time, reduce alerts, and boost herd immunity. Read how it works here:
@sublime_sec
Sublime Security
21 days
RT @samkscholten: 🚨 Detection coverage for CVE-2025-21298: 🤝 h/t to our friends at @delivr_to for their excellent detection work: https://…
@sublime_sec
Sublime Security
1 month
RT @CRN: The cybersecurity startups to watch in 2025: @get_abstracted, Concentric AI, @entrosecurity, @LakeraAI, @prompt_security, @DetectD
@sublime_sec
Sublime Security
1 month
By mimicking an ongoing conversation and adding fake attachments, we’ve seen attackers craft seemingly legitimate messages for BEC financial fraud. A fake $50k invoice was sent to Accounts Payable at a major university. @samkscholten breaks down the attack & detection:
@sublime_sec
Sublime Security
2 months
We recently published an in-depth analysis of Xloader malware delivery via spoofed SharePoint notifications. The analysis uncovered a complex chain of obfuscation, zip files, and multiple rounds of process injection. See our findings:
@sublime_sec
Sublime Security
2 months
Scammers are using distribution lists to hide their tracks while blasting a wide range of targets in this new variant of Living Off the Land (LOTL) + callback phishing attacks. We’ve seen it with trusted brands like Microsoft, Venmo, and PayPal. Learn how the scam works:
@sublime_sec
Sublime Security
2 months
Freight-forwarding fraud, which can target shipping containers full of goods, is on the rise as a lucrative alternative to traditional scams involving cash. See how scammers are exploiting these systems to evade crackdowns in our new Attack Spotlight:
@sublime_sec
Sublime Security
2 months
AnonymousFox has been around since 2019, and we’ve recently seen an uptick of activity. See how we stop malicious email messages sent from compromised sites in @samkscholten's blog:
@sublime_sec
Sublime Security
3 months
It’s the holiday season here in the US, and that means that while the turkey gets roasted, you get grilled. This year, pivot family concerns about your life into *your* concerns about phishing scams:
@sublime_sec
Sublime Security
3 months
RT @amitchell516: New @sublime_sec rule out for this, utilizing our ability to run YARA rules on attachments: Look…
@sublime_sec
Sublime Security
3 months
Credential phishing attempts are being hidden within EML attachments to avoid detection. More on this attack and how we detected it here:
@sublime_sec
Sublime Security
3 months
RT @jkamdjou: EML attachments are a clever way to bypass traditional analysis because they automatically get rendered and embedded in the o…
@sublime_sec
Sublime Security
3 months
In another example of trusted service abuse, attackers attempt to bypass detection of credential phishing by leveraging legitimate Docusign domains and landing pages. Read our new Attack Spotlight for a full breakdown of the attack + variants and how we detected it:
@sublime_sec
Sublime Security
3 months
Watch @jkamdjou & @riskybusiness on this week's Soap Box: They discuss how email security platforms need to rapidly adapt to keep up with evolving threats, why programmable engines are the future of detection, and more.
@sublime_sec
Sublime Security
3 months
We've observed a rise in Living off the Land email attacks where attackers abuse legitimate service infrastructure. Our newest Attack Spotlight details one of these attack variants abusing Docusign to deliver malware via callback phishing:
@sublime_sec
Sublime Security
3 months
RT @jkamdjou: you can deploy verifiable coverage for this with @sublime_sec (for free), here’s the detection that’s been out for over a yea…
@sublime_sec
Sublime Security
3 months
We observed adversarial ML tactics in a recent extortion attempt. The social engineering is directed at both the recipient and any present LLM-backed phishing detectors. We break down the social engineering 2.0 in our latest Attack Spotlight: