Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Open redirect: next2.io | Sublime Security | 9mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-next2io-5085c422 | |
Open redirect: people.anuneo.com | Sublime Security | 9mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-peopleanuneocom-2ae83b73 | |
Open redirect: slubnaglowie.pl | Sublime Security | 9mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-slubnaglowiepl-2ec356d0 | |
Open redirect: typedrawers.com | Sublime Security | 9mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-typedrawerscom-158d9e95 | |
Outlook hyperlink bypass: left-to-right mark (LRM) in base HTML tag | Sublime Security | 2mo ago Dec 10th, 2025 | /feeds/core/detection-rules/outlook-hyperlink-bypass-left-to-right-mark-lrm-in-base-html-tag-160cc681 | |
PayPal invoice abuse | Sublime Security | 27d ago Feb 11th, 2026 | /feeds/core/detection-rules/paypal-invoice-abuse-0ff7a0d4 | |
PDF attachment with Google (AE) redirecting to a php or zip file | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/pdf-attachment-with-google-ae-redirecting-to-a-php-or-zip-file-57ae513f | |
PhaaS: Impact Solutions (Impact Vector Suite) | Sublime Security | 1mo ago Jan 23rd, 2026 | /feeds/core/detection-rules/phaas-impact-solutions-impact-vector-suite-4d197faf | |
Potential prompt injection attack in body HTML | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/potential-prompt-injection-attack-in-body-html-5fb24736 | |
QR Code with suspicious indicators | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/qr-code-with-suspicious-indicators-04f5c34f | |
Reconnaissance: All recipients cc/bcc'd or undisclosed | Sublime Security | 1mo ago Feb 5th, 2026 | /feeds/core/detection-rules/reconnaissance-all-recipients-ccbccd-or-undisclosed-420f60d3 | |
Reconnaissance: Email address harvesting attempt | Sublime Security | 15d ago Feb 23rd, 2026 | /feeds/core/detection-rules/reconnaissance-email-address-harvesting-attempt-bb31efbc | |
Reconnaissance: Empty message from uncommon sender | Sublime Security | 13d ago Feb 25th, 2026 | /feeds/core/detection-rules/reconnaissance-empty-message-from-uncommon-sender-b347cdbc | |
Reconnaissance: Hotel booking reply-to redirect | Sublime Security | 1mo ago Jan 27th, 2026 | /feeds/core/detection-rules/reconnaissance-hotel-booking-reply-to-redirect-08c36035 | |
Reconnaissance: Large unknown recipient list | Sublime Security | 3mo ago Nov 24th, 2025 | /feeds/core/detection-rules/reconnaissance-large-unknown-recipient-list-24783a28 | |
Reconnaissance: Short generic greeting message | Sublime Security | 1mo ago Jan 27th, 2026 | /feeds/core/detection-rules/reconnaissance-short-generic-greeting-message-c67dedab | |
Recruitee Infrastructure Abuse | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/recruitee-infrastructure-abuse-31cab83d | |
Request for Quote or Purchase (RFQ\|RFP) with HTML smuggling attachment | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-html-smuggling-attachment-a47a5755 | |
Request for Quote or Purchase (RFQ\|RFP) with suspicious sender or recipient pattern | Sublime Security | 19h ago Mar 9th, 2026 | /feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-suspicious-sender-or-recipient-pattern-2ac0d329 | |
Salesforce infrastructure abuse | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/salesforce-infrastructure-abuse-78a77c70 | |
Scam: Piano giveaway | Sublime Security | 2mo ago Dec 11th, 2025 | /feeds/core/detection-rules/scam-piano-giveaway-1a91a203 | |
Self-sent fake PDF attachment with misleading link | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/self-sent-fake-pdf-attachment-with-misleading-link-8a285d2e | |
Sendgrid voicemail phish | Sublime Security | 3mo ago Nov 24th, 2025 | /feeds/core/detection-rules/sendgrid-voicemail-phish-21cad89c | |
Service abuse: Adobe legitimate domain with document approval language | Sublime Security | 1mo ago Jan 23rd, 2026 | /feeds/core/detection-rules/service-abuse-adobe-legitimate-domain-with-document-approval-language-237f4da4 | |
Service abuse: Apple TestFlight with suspicious developer reference | Sublime Security | 1mo ago Feb 6th, 2026 | /feeds/core/detection-rules/service-abuse-apple-testflight-with-suspicious-developer-reference-e7ea0ee0 | |
Service abuse: AppSheet infrastructure with suspicious indicators | Sublime Security | 5mo ago Oct 6th, 2025 | /feeds/core/detection-rules/service-abuse-appsheet-infrastructure-with-suspicious-indicators-5937646a | |
Service Abuse: Box file sharing with credential phishing intent | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-box-file-sharing-with-credential-phishing-intent-5bd0cb25 | |
Service abuse: Callback phishing via Microsoft Teams invite | Sublime Security | 2mo ago Dec 12th, 2025 | /feeds/core/detection-rules/service-abuse-callback-phishing-via-microsoft-teams-invite-13e35e5f | |
Service abuse: Cisco secure email service with financial request | Sublime Security | 5mo ago Oct 1st, 2025 | /feeds/core/detection-rules/service-abuse-cisco-secure-email-service-with-financial-request-43a6daa8 | |
Service abuse: DocSend share from an unsolicited reply-to address | Sublime Security | 6d ago Mar 4th, 2026 | /feeds/core/detection-rules/service-abuse-docsend-share-from-an-unsolicited-reply-to-address-b377e64c | |
Service abuse: DocSend share from newly registered domain | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-docsend-share-from-newly-registered-domain-3bc152f2 | |
Service abuse: DocuSign notification with suspicious sender or document name | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-docusign-notification-with-suspicious-sender-or-document-name-5e4707cd | |
Service abuse: DocuSign share from an unsolicited reply-to address | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-docusign-share-from-an-unsolicited-reply-to-address-2f12d616 | |
Service abuse: Dropbox share from an unsolicited reply-to address | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-dropbox-share-from-an-unsolicited-reply-to-address-50a1499f | |
Service abuse: Dropbox share from new domain | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-dropbox-share-from-new-domain-0e664bd9 | |
Service abuse: Dropbox share with suspicious sender or document name | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-dropbox-share-with-suspicious-sender-or-document-name-27007c9f | |
Service abuse: Facebook business with action required subject | Sublime Security | 3mo ago Nov 17th, 2025 | /feeds/core/detection-rules/service-abuse-facebook-business-with-action-required-subject-64297d2f | |
Service abuse: File sharing impersonation with external SharePoint links | Sublime Security | 16h ago Mar 9th, 2026 | /feeds/core/detection-rules/service-abuse-file-sharing-impersonation-with-external-sharepoint-links-729661f2 | |
Service abuse: FlipHTML5 with attachment deception and credential theft language | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-fliphtml5-with-attachment-deception-and-credential-theft-language-02464799 | |
Service abuse: Formester with suspicious link behavior | Sublime Security | 2mo ago Dec 19th, 2025 | /feeds/core/detection-rules/service-abuse-formester-with-suspicious-link-behavior-e4b74fd4 | |
Service abuse: GetAccept callback scam content | Sublime Security | 1mo ago Jan 16th, 2026 | /feeds/core/detection-rules/service-abuse-getaccept-callback-scam-content-7ec2f70b | |
Service Abuse: GoDaddy infrastructure | Sublime Security | 2mo ago Jan 7th, 2026 | /feeds/core/detection-rules/service-abuse-godaddy-infrastructure-8a2dd357 | |
Service abuse: Google classroom solicitation | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-google-classroom-solicitation-e9c39e92 | |
Service Abuse: HelloSign share with suspicious sender or document name | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-hellosign-share-with-suspicious-sender-or-document-name-464d98f3 | |
Service abuse: HungerRush domain with SendGrid tracking targeting ProtonMail | Sublime Security | 6d ago Mar 4th, 2026 | /feeds/core/detection-rules/service-abuse-hungerrush-domain-with-sendgrid-tracking-targeting-protonmail-73f62e74 | |
Service abuse: Microsoft Power Automate callback scam impersonation | Sublime Security | 5d ago Mar 5th, 2026 | /feeds/core/detection-rules/service-abuse-microsoft-power-automate-callback-scam-impersonation-18d1c18b | |
Service abuse: Microsoft Power BI callback scam | Sublime Security | 1mo ago Jan 22nd, 2026 | /feeds/core/detection-rules/service-abuse-microsoft-power-bi-callback-scam-7a55388e | |
Service abuse: Monday.com callback scam | Sublime Security | 1mo ago Jan 26th, 2026 | /feeds/core/detection-rules/service-abuse-mondaycom-callback-scam-82cf4502 | |
Service abuse: Monday.com infrastructure with phishing intent | Sublime Security | 18h ago Mar 9th, 2026 | /feeds/core/detection-rules/service-abuse-mondaycom-infrastructure-with-phishing-intent-a346e3b1 | |
Service abuse: Nylas tracking subdomain with suspicious content | Sublime Security | 4d ago Mar 6th, 2026 | /feeds/core/detection-rules/service-abuse-nylas-tracking-subdomain-with-suspicious-content-a3a6c896 | |