Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Open redirect (go2.aspx) leading to Microsoft credential phishing | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-go2aspx-leading-to-microsoft-credential-phishing-51667096 | |
Open Redirect: Google domain with /url path and suspicious indicators | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-google-domain-with-url-path-and-suspicious-indicators-fc5adf74 | |
Open redirect: marketing.edinburghairport.com | Sublime Security | 9mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-marketingedinburghairportcom-33a47565 | |
Open redirect: next2.io | Sublime Security | 9mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-next2io-5085c422 | |
Open redirect: people.anuneo.com | Sublime Security | 9mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-peopleanuneocom-2ae83b73 | |
Open redirect: queue.swytchbike.com | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-queueswytchbikecom-916003d1 | |
Open redirect: slubnaglowie.pl | Sublime Security | 9mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-slubnaglowiepl-2ec356d0 | |
Open redirect: Xfinity CMP Redirection to Google AMP | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/open-redirect-xfinity-cmp-redirection-to-google-amp-c0805b80 | |
PayPal invoice abuse | Sublime Security | 27d ago Feb 11th, 2026 | /feeds/core/detection-rules/paypal-invoice-abuse-0ff7a0d4 | |
PHP Mailer with common phishing attachments | @vector_sec | 3y ago Aug 21st, 2023 | /feeds/core/detection-rules/php-mailer-with-common-phishing-attachments-07e03563 | |
Potential prompt injection attack in body HTML | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/potential-prompt-injection-attack-in-body-html-5fb24736 | |
QR Code with suspicious indicators | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/qr-code-with-suspicious-indicators-04f5c34f | |
Reconnaissance: All recipients cc/bcc'd or undisclosed | Sublime Security | 1mo ago Feb 5th, 2026 | /feeds/core/detection-rules/reconnaissance-all-recipients-ccbccd-or-undisclosed-420f60d3 | |
Reconnaissance: Email address harvesting attempt | Sublime Security | 15d ago Feb 23rd, 2026 | /feeds/core/detection-rules/reconnaissance-email-address-harvesting-attempt-bb31efbc | |
Reconnaissance: Empty message from uncommon sender | Sublime Security | 13d ago Feb 25th, 2026 | /feeds/core/detection-rules/reconnaissance-empty-message-from-uncommon-sender-b347cdbc | |
Reconnaissance: Empty subject with mismatched reply-to from new sender | Sublime Security | 1mo ago Feb 6th, 2026 | /feeds/core/detection-rules/reconnaissance-empty-subject-with-mismatched-reply-to-from-new-sender-12f4bd45 | |
Reconnaissance: Hotel booking reply-to redirect | Sublime Security | 1mo ago Jan 27th, 2026 | /feeds/core/detection-rules/reconnaissance-hotel-booking-reply-to-redirect-08c36035 | |
Reconnaissance: Large unknown recipient list | Sublime Security | 3mo ago Nov 24th, 2025 | /feeds/core/detection-rules/reconnaissance-large-unknown-recipient-list-24783a28 | |
Reconnaissance: Short generic greeting message | Sublime Security | 1mo ago Jan 27th, 2026 | /feeds/core/detection-rules/reconnaissance-short-generic-greeting-message-c67dedab | |
Russia return-path TLD (untrusted sender) | Sublime Security | 25d ago Feb 13th, 2026 | /feeds/core/detection-rules/russia-return-path-tld-untrusted-sender-588b3954 | |
Salesforce infrastructure abuse | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/salesforce-infrastructure-abuse-78a77c70 | |
Sendgrid onmicrosoft.com domain phishing | @ajpc500 | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/sendgrid-onmicrosoftcom-domain-phishing-271f4ae9 | |
Sendgrid voicemail phish | Sublime Security | 3mo ago Nov 24th, 2025 | /feeds/core/detection-rules/sendgrid-voicemail-phish-21cad89c | |
Service abuse: Adobe Creative Cloud share from an unsolicited sender address | Sublime Security | 4mo ago Oct 22nd, 2025 | /feeds/core/detection-rules/service-abuse-adobe-creative-cloud-share-from-an-unsolicited-sender-address-47e42ca1 | |
Service abuse: Adobe legitimate domain with document approval language | Sublime Security | 1mo ago Jan 23rd, 2026 | /feeds/core/detection-rules/service-abuse-adobe-legitimate-domain-with-document-approval-language-237f4da4 | |
Service abuse: Adobe Sign notification from an unsolicited reply-to address | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-adobe-sign-notification-from-an-unsolicited-reply-to-address-d00893ba | |
Service Abuse: Box file sharing with credential phishing intent | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-box-file-sharing-with-credential-phishing-intent-5bd0cb25 | |
Service abuse: Cisco secure email service with financial request | Sublime Security | 5mo ago Oct 1st, 2025 | /feeds/core/detection-rules/service-abuse-cisco-secure-email-service-with-financial-request-43a6daa8 | |
Service abuse: DocSend share from an unsolicited reply-to address | Sublime Security | 6d ago Mar 4th, 2026 | /feeds/core/detection-rules/service-abuse-docsend-share-from-an-unsolicited-reply-to-address-b377e64c | |
Service abuse: DocSend share from newly registered domain | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-docsend-share-from-newly-registered-domain-3bc152f2 | |
Service abuse: DocuSign notification with suspicious sender or document name | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-docusign-notification-with-suspicious-sender-or-document-name-5e4707cd | |
Service abuse: DocuSign share from an unsolicited reply-to address | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-docusign-share-from-an-unsolicited-reply-to-address-2f12d616 | |
Service abuse: Dropbox share from an unsolicited reply-to address | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-dropbox-share-from-an-unsolicited-reply-to-address-50a1499f | |
Service abuse: Dropbox share from new domain | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-dropbox-share-from-new-domain-0e664bd9 | |
Service abuse: Dropbox share with suspicious sender or document name | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-dropbox-share-with-suspicious-sender-or-document-name-27007c9f | |
Service Abuse: ExactTarget with suspicious sender indicators | Sublime Security | 4mo ago Nov 8th, 2025 | /feeds/core/detection-rules/service-abuse-exacttarget-with-suspicious-sender-indicators-6154f197 | |
Service abuse: Free provider with SendGrid routing | Sublime Security | 2mo ago Jan 8th, 2026 | /feeds/core/detection-rules/service-abuse-free-provider-with-sendgrid-routing-3079cacb | |
Service abuse: Google account notification with links to free file host | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-google-account-notification-with-links-to-free-file-host-59786115 | |
Service abuse: Google application integration redirecting to suspicious hosts | Sublime Security | 2mo ago Dec 17th, 2025 | /feeds/core/detection-rules/service-abuse-google-application-integration-redirecting-to-suspicious-hosts-473d3247 | |
Service abuse: Google classroom solicitation | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-google-classroom-solicitation-e9c39e92 | |
Service abuse: Google Drive share from an unsolicited reply-to address | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-google-drive-share-from-an-unsolicited-reply-to-address-4581ec0c | |
Service abuse: Google Drive share from new reply-to domain | Sublime Security | 3mo ago Nov 13th, 2025 | /feeds/core/detection-rules/service-abuse-google-drive-share-from-new-reply-to-domain-c1a2d367 | |
Service abuse: HelloSign from an unsolicited sender address | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-hellosign-from-an-unsolicited-sender-address-68ca0753 | |
Service Abuse: HelloSign share with suspicious sender or document name | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-hellosign-share-with-suspicious-sender-or-document-name-464d98f3 | |
Service abuse: Monday.com infrastructure with phishing intent | Sublime Security | 16h ago Mar 9th, 2026 | /feeds/core/detection-rules/service-abuse-mondaycom-infrastructure-with-phishing-intent-a346e3b1 | |
Service abuse: Payoneer callback scam | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-payoneer-callback-scam-b7fb174c | |
Service abuse: QuickBooks notification from new domain | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-quickbooks-notification-from-new-domain-c4f46473 | |
Service abuse: QuickBooks notification with suspicious comments | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-quickbooks-notification-with-suspicious-comments-a23d0950 | |
Service abuse: Random Google Firebase sender address with suspicious content | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-random-google-firebase-sender-address-with-suspicious-content-9f8899a9 | |
Service abuse: Recruiting with suspicious language patterns from legitimate platforms | Sublime Security | 5mo ago Oct 7th, 2025 | /feeds/core/detection-rules/service-abuse-recruiting-with-suspicious-language-patterns-from-legitimate-platforms-29e12696 |