Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Spam: URL shortener with short body content and emojis | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/spam-url-shortener-with-short-body-content-and-emojis-b7797e4c | |
Suspicious attachment with unscannable Cloudflare link | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-attachment-with-unscannable-cloudflare-link-00f92b6f | |
Suspicious Links to Cloudflare R2 and Edge Services | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-links-to-cloudflare-r2-and-edge-services-5dd3e5c8 | |
Suspicious link to Looker Studio (lookerstudio.google.com) from a new and unsolicited sender | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-link-to-looker-studio-lookerstudiogooglecom-from-a-new-and-unsolicited-sender-dbb50cb4 | |
Suspicious message with unscannable Cloudflare link | Sublime Security | 4mo ago Sep 22nd, 2025 | /feeds/core/detection-rules/suspicious-message-with-unscannable-cloudflare-link-70ea21f9 | |
Suspicious message with unscannable Vercel link | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/suspicious-message-with-unscannable-vercel-link-b5acffe7 | |
Suspicious newly registered reply-to domain with engaging financial or urgent language | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-newly-registered-reply-to-domain-with-engaging-financial-or-urgent-language-db4d9bb3 | |
Suspicious Office 365 app authorization (OAuth) link | Sublime Security | 11mo ago Feb 4th, 2025 | /feeds/core/detection-rules/suspicious-office-365-app-authorization-oauth-link-13a8c430 | |
Suspicious recipient pattern and language with low reputation link to login | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-recipient-pattern-and-language-with-low-reputation-link-to-login-a8ea0402 | |
Suspicious recipients pattern with NLU credential theft indicators | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-recipients-pattern-with-nlu-credential-theft-indicators-8e121c3e | |
Suspicious recipients pattern with no Compauth pass and suspicious content | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-recipients-pattern-with-no-compauth-pass-and-suspicious-content-34fb65f6 | |
Suspicious SharePoint file sharing | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/suspicious-sharepoint-file-sharing-971c3d9c | |
Truth Social infrastructure abuse via link redirect | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/truth-social-infrastructure-abuse-via-link-redirect-aaaa30a8 | |
Twitter infrastructure abuse via link shortener | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/twitter-infrastructure-abuse-via-link-shortener-99ca165e | |
URLhaus: Malicious domain in message body or pdf attachment (trusted reporters) | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/urlhaus-malicious-domain-in-message-body-or-pdf-attachment-trusted-reporters-cfca2986 | |
URL with Unicode U+2044 (⁄) or U+2215 (∕) characters | @delivr_to | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/url-with-unicode-u2044-or-u2215-characters-12069f5b | |
Vendor compromise: GovDelivery message with suspicious link | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/vendor-compromise-govdelivery-message-with-suspicious-link-0d2d5172 | |
Xero infrastructure abuse | Sublime Security | 2mo ago Nov 3rd, 2025 | /feeds/core/detection-rules/xero-infrastructure-abuse-918c4bd3 | |
Zoom Events newsletter abuse | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/zoom-events-newsletter-abuse-c8fce846 |