Sublime Thoughts

ICS phishing: Stopping a surge of malicious calendar invites

Sublime raises $150M Series C to arm defenders for the post-LLM world

Direct Send abuse on Microsoft 365: Just another failed authentication

Facebook credential phishing with job scams impersonating well-known companies

Google Careers impersonation credential phishing scam with endless variation

UK Home Office visa & immigration scam targets Sponsor Management System accounts

Impersonated Evite and Punchbowl invitations used for credential phishing and malware distribution

More than “plausible nonsense”: A rigorous eval for ADÉ, our security coding agent

Fake Meta Ads Manager in App Store and TestFlight used to phish Meta ad accounts

Meet ADÉ: The Autonomous Detection Engineer for email

Callback phishing with online appointment abuse and distribution lists

Email bomb detection and prevention with Sublime

Technical deep dive of NLU 3.0: Modular, multi-headed, with advanced synthetic training

Everything old is new again: 3 trends from Black Hat USA, BSides LV, and DEF CON 33

Sublime NLU 3.0: Faster, more accurate, future-proof defense against AI email attacks

Multi-RMM attack: Splashtop Streamer and Atera payloads delivered via Discord CDN link

Keitaro TDS abused to deliver AutoIT-based loader targeting German speakers

Phishing for Xfinity credentials with malicious Zoom Docs

Living Off Trusted Sites: Zoom service abuse to deliver credential phishing attack

Using the X/Twitter link shortener (t.co) to hide an AITM credential phishing payload

Community Spotlight: Email Detection Rules built by the Sublime Community

AITM phishing with Russian infrastructure and detection evasion from a lapsed domain

Detecting an email-based ClickFix attack that delivers DCRat malware payload

How ASA thinks: The technical architecture of Sublime’s Autonomous Security Analyst

ScreenConnect as malware via Canva abuse and Docusign impersonation

Figma abuse from compromised vendor used in credential theft attack

Key findings from the Q1 2025 Sublime Email Threat Research Report

Introducing ASA: The Autonomous Security Analyst for email

Welcoming Andrew Becherer as Sublime’s CISO

Elastic + Sublime: Adding email to your security and observability stack

TROX Stealer: A deep dive into a new Malware as a Service (MaaS) attack campaign

$500K financial fraud built on BEC, a domain lookalike, and a fake thread

Who are you trying to April Fool with that email scam?

Tycoon 2FA credential phishing with cloned internal employee login

Microsoft OAuth URL used as redirect to AITM credential phishing site

Seeing both sides of a service abuse financial fraud using YOPmail disposable messages

Base64-encoding an SVG attack within an iframe and hiding it all in an EML attachment

Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the middle tactics

Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits

Email Topic Modeling: Simplifying detection with ML-powered granularity

Credential phishing Charles Schwab account holders with 2FA bypass

Enhanced message groups: Improving efficiency in email incident response

Hiding a $50,000 BEC financial fraud in a fake email thread

Callback phishing via invoice abuse and distribution list relays

B2B freight-forwarding scams on the rise to evade financial fraud crackdowns

Sublime raises Series B to… keep doing what we’ve been doing, but better

Xloader deep dive: Link-based malware delivery via SharePoint impersonation

Detecting malicious AnonymousFox email messages sent from compromised sites

Talking phish over turkey

Hidden credential phishing within EML attachments

Living Off the Land: Credential Phishing via Docusign abuse

Living Off the Land: Callback Phishing via Docusign comment

Adversarial ML: Extortion via LLM Manipulation Tactics

Combating GenAI Email Attacks with BERT LLM

Correlate Sublime Logs in Panther for Centralized Threat Detection

Payroll Fraud via LLM-Generated Emails

Abusing Discord to deliver Agent Tesla malware

Fake invoice used to conduct $16,800 BEC attempt

Sublime Attack Score: Explainable, AI-backed threat analysis

Announcing our $20M Series A to redefine email security

Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques

QR Code Phishing: Decoding Hidden Threats

Call Me Maybe? The Rise of Callback Phishing Emails

Unmasking BEC attacks using Natural Language Understanding + MQL

Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction

Detecting Credential Phishing using Deep Learning + MQL

Introduction to Message Query Language (MQL)

Introducing Sublime: A new, open approach to email security