Rule Name & Severity | Author | Last Updated | Rule Path | |
|---|---|---|---|---|
CVE-2023-5631 - Roundcube Webmail XSS via crafted SVG | Sublime Security | 2y ago Feb 23rd, 2024 | /feeds/core/detection-rules/cve-2023-5631-roundcube-webmail-xss-via-crafted-svg-8405d61b | |
Deceptive Dropbox mention | Sublime Security | 23d ago Dec 15th, 2025 | /feeds/core/detection-rules/deceptive-dropbox-mention-58a107bc | |
EML attachment with credential theft language (unknown sender) | Sublime Security | 3mo ago Oct 3rd, 2025 | /feeds/core/detection-rules/eml-attachment-with-credential-theft-language-unknown-sender-00e06af1 | |
Extortion / sextortion (untrusted sender) | Sublime Security | 19d ago Dec 19th, 2025 | /feeds/core/detection-rules/extortion-sextortion-untrusted-sender-265913eb | |
Fake message thread - Untrusted sender with a mismatched freemail reply-to address | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/fake-message-thread-untrusted-sender-with-a-mismatched-freemail-reply-to-address-ca64e819 | |
Fake shipping notification with link to free file hosting | Sublime Security | 2y ago Jul 10th, 2024 | /feeds/core/detection-rules/fake-shipping-notification-with-link-to-free-file-hosting-6d3fe05e | |
Fake thread with suspicious indicators | Sublime Security | 29d ago Dec 9th, 2025 | /feeds/core/detection-rules/fake-thread-with-suspicious-indicators-c2e18a57 | |
Fake voicemail notification (untrusted sender) | Sublime Security | 20d ago Dec 18th, 2025 | /feeds/core/detection-rules/fake-voicemail-notification-untrusted-sender-74ba7787 | |
Fake Zoho Sign template abuse | Sublime Security | 2y ago Sep 30th, 2024 | /feeds/core/detection-rules/fake-zoho-sign-template-abuse-785fd0d5 | |
Google share notification with suspicious comments | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/google-share-notification-with-suspicious-comments-c69c9924 | |
HTML: Bidirectional (BIDI) HTML override with right to left obfuscation | Sublime Security | 2mo ago Oct 17th, 2025 | /feeds/core/detection-rules/html-bidirectional-bidi-html-override-with-right-to-left-obfuscation-f93940d2 | |
HTML smuggling with atob in message body | Sublime Security | 3y ago Aug 17th, 2023 | /feeds/core/detection-rules/html-smuggling-with-atob-in-message-body-0f86851f | |
Image as content with a link to an open redirect (unsolicited) | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/image-as-content-with-a-link-to-an-open-redirect-unsolicited-f5cec36b | |
Impersonation: Chrome Web Store policy | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/impersonation-chrome-web-store-policy-4a98f283 | |
Impersonation: Fake Gmail attachment | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/impersonation-fake-gmail-attachment-0f5a4e14 | |
Impersonation: SharePoint reply header anomaly | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/impersonation-sharepoint-reply-header-anomaly-78875848 | |
Impersonation: Social Security Administration (SSA) | Sublime Security | 1mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/impersonation-social-security-administration-ssa-6196767e | |
Inline image as message with attachment or link | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/inline-image-as-message-with-attachment-or-link-823d7107 | |
Link: Adobe share with suspicious indicators | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-adobe-share-with-suspicious-indicators-b33cae80 | |
Link: File sharing pretext with suspicious body and link | Sublime Security | 2mo ago Oct 10th, 2025 | /feeds/core/detection-rules/link-file-sharing-pretext-with-suspicious-body-and-link-c5718a8e | |
Link: Microsoft impersonation using hosted png with suspicious link | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-microsoft-impersonation-using-hosted-png-with-suspicious-link-07c696d4 | |
Link: PDF and financial display text to free file host | Sublime Security | 3mo ago Sep 24th, 2025 | /feeds/core/detection-rules/link-pdf-and-financial-display-text-to-free-file-host-b010740b | |
Link: Self-sender with sender org in subject and credential theft indicator | Sublime Security | 27d ago Dec 11th, 2025 | /feeds/core/detection-rules/link-self-sender-with-sender-org-in-subject-and-credential-theft-indicator-bfa9aa08 | |
Link: Suspicious SharePoint document name | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-suspicious-sharepoint-document-name-f95fee6e | |
Link: Uncommon SharePoint document type with sender's display name | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-uncommon-sharepoint-document-type-with-senders-display-name-02d290b2 | |
Link: URL scheme obfuscation via split HTML anchors | Sublime Security | 1mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/link-url-scheme-obfuscation-via-split-html-anchors-10375948 | |
Link: Zoho form link from unsolicited sender | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-zoho-form-link-from-unsolicited-sender-eb04a9f2 | |
Microsoft device code phishing | @ajpc500 | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/microsoft-device-code-phishing-61f3ae67 | |
Open redirect (go2.aspx) leading to Microsoft credential phishing | Sublime Security | 28d ago Dec 10th, 2025 | /feeds/core/detection-rules/open-redirect-go2aspx-leading-to-microsoft-credential-phishing-51667096 | |
Open Redirect: Google domain with /url path and suspicious indicators | Sublime Security | 3mo ago Sep 22nd, 2025 | /feeds/core/detection-rules/open-redirect-google-domain-with-url-path-and-suspicious-indicators-fc5adf74 | |
Outlook hyperlink bypass: left-to-right mark (LRM) in base HTML tag | Sublime Security | 28d ago Dec 10th, 2025 | /feeds/core/detection-rules/outlook-hyperlink-bypass-left-to-right-mark-lrm-in-base-html-tag-160cc681 | |
PayPal invoice abuse | Sublime Security | 1mo ago Nov 20th, 2025 | /feeds/core/detection-rules/paypal-invoice-abuse-0ff7a0d4 | |
Potential prompt injection attack in body HTML | Sublime Security | 3mo ago Sep 29th, 2025 | /feeds/core/detection-rules/potential-prompt-injection-attack-in-body-html-5fb24736 | |
QR Code with suspicious indicators | Sublime Security | 26d ago Dec 12th, 2025 | /feeds/core/detection-rules/qr-code-with-suspicious-indicators-04f5c34f | |
Reconnaissance: All recipients cc/bcc'd or undisclosed | Sublime Security | 1mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/reconnaissance-all-recipients-ccbccd-or-undisclosed-420f60d3 | |
Self-sent fake PDF attachment with misleading link | Sublime Security | 22d ago Dec 16th, 2025 | /feeds/core/detection-rules/self-sent-fake-pdf-attachment-with-misleading-link-8a285d2e | |
Service abuse: Adobe Creative Cloud share from an unsolicited sender address | Sublime Security | 2mo ago Oct 22nd, 2025 | /feeds/core/detection-rules/service-abuse-adobe-creative-cloud-share-from-an-unsolicited-sender-address-47e42ca1 | |
Service abuse: Google classroom solicitation | Sublime Security | 2mo ago Oct 17th, 2025 | /feeds/core/detection-rules/service-abuse-google-classroom-solicitation-e9c39e92 | |
Service abuse: HelloSign from an unsolicited sender address | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-hellosign-from-an-unsolicited-sender-address-68ca0753 | |
Service Abuse: HelloSign share with suspicious sender or document name | Sublime Security | 3mo ago Sep 22nd, 2025 | /feeds/core/detection-rules/service-abuse-hellosign-share-with-suspicious-sender-or-document-name-464d98f3 | |
Service abuse: Payoneer callback scam | Sublime Security | 4mo ago Sep 5th, 2025 | /feeds/core/detection-rules/service-abuse-payoneer-callback-scam-b7fb174c | |
Service abuse: QuickBooks notification with suspicious comments | Sublime Security | 3mo ago Sep 17th, 2025 | /feeds/core/detection-rules/service-abuse-quickbooks-notification-with-suspicious-comments-a23d0950 | |
Service abuse: Random Google Firebase sender address with suspicious content | Sublime Security | 1mo ago Nov 26th, 2025 | /feeds/core/detection-rules/service-abuse-random-google-firebase-sender-address-with-suspicious-content-9f8899a9 | |
Service abuse: Suspicious Zoom Docs link | Sublime Security | 1mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/service-abuse-suspicious-zoom-docs-link-064b2594 | |
Service abuse: Trello board invitation with VIP impersonation | Sublime Security | 3mo ago Sep 17th, 2025 | /feeds/core/detection-rules/service-abuse-trello-board-invitation-with-vip-impersonation-fedfc94b | |
Sharepoint link likely unrelated to sender | Sublime Security | 3mo ago Sep 19th, 2025 | /feeds/core/detection-rules/sharepoint-link-likely-unrelated-to-sender-6870f489 | |
Spam: Attendee list solicitation | Sublime Security | 4mo ago Aug 29th, 2025 | /feeds/core/detection-rules/spam-attendee-list-solicitation-69715b62 | |
Spam: Campaign with excessive space/char obfuscation and free file hosted link | Sublime Security | 5mo ago Jul 16th, 2025 | /feeds/core/detection-rules/spam-campaign-with-excessive-spacechar-obfuscation-and-free-file-hosted-link-122bc0ca | |
Spam: Fake photo share | Sublime Security | 2mo ago Nov 8th, 2025 | /feeds/core/detection-rules/spam-fake-photo-share-eb086f7d | |
Spam/fraud: Predatory journal/research paper request | Sublime Security | 2mo ago Nov 3rd, 2025 | /feeds/core/detection-rules/spamfraud-predatory-journalresearch-paper-request-263ca56b |