Credential-Harvesting

Attackers are abusing notification pipelines in SaaS platforms like GitHub and Jira to deliver phishing and spam emails by exploiting legitimate platform features and bypassing traditional email security measures.

Attackers are leveraging AI to rapidly reconnoiter and tailor content for smaller organizations, making it easier to execute business email compromise (BEC) scams and scam smaller sums from many victims, as demonstrated by a recent attack targeting a small community organization.