Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Request for Quote or Purchase (RFQ|RFP) with HTML smuggling attachment | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-html-smuggling-attachment-a47a5755 | |
Request for Quote or Purchase (RFQ|RFP) with suspicious sender or recipient pattern | Sublime Security | 9d ago Jan 15th, 2026 | /feeds/core/detection-rules/request-for-quote-or-purchase-rfqorrfp-with-suspicious-sender-or-recipient-pattern-2ac0d329 | |
Salesforce infrastructure abuse | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/salesforce-infrastructure-abuse-78a77c70 | |
Self-sent fake PDF attachment with misleading link | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/self-sent-fake-pdf-attachment-with-misleading-link-8a285d2e | |
Sendgrid onmicrosoft.com domain phishing | @ajpc500 | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/sendgrid-onmicrosoftcom-domain-phishing-271f4ae9 | |
Service abuse: Adobe Creative Cloud share from an unsolicited sender address | Sublime Security | 3mo ago Oct 22nd, 2025 | /feeds/core/detection-rules/service-abuse-adobe-creative-cloud-share-from-an-unsolicited-sender-address-47e42ca1 | |
Service abuse: AppSheet infrastructure with suspicious indicators | Sublime Security | 3mo ago Oct 6th, 2025 | /feeds/core/detection-rules/service-abuse-appsheet-infrastructure-with-suspicious-indicators-5937646a | |
Service Abuse: Box file sharing with credential phishing intent | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-box-file-sharing-with-credential-phishing-intent-5bd0cb25 | |
Service abuse: Cisco secure email service with financial request | Sublime Security | 3mo ago Oct 1st, 2025 | /feeds/core/detection-rules/service-abuse-cisco-secure-email-service-with-financial-request-43a6daa8 | |
Service abuse: DocSend share from an unsolicited reply-to address | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-docsend-share-from-an-unsolicited-reply-to-address-b377e64c | |
Service abuse: DocSend share from newly registered domain | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-docsend-share-from-newly-registered-domain-3bc152f2 | |
Service abuse: DocuSign notification with suspicious sender or document name | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-docusign-notification-with-suspicious-sender-or-document-name-5e4707cd | |
Service abuse: DocuSign share from an unsolicited reply-to address | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-docusign-share-from-an-unsolicited-reply-to-address-2f12d616 | |
Service abuse: Dropbox share from an unsolicited reply-to address | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-dropbox-share-from-an-unsolicited-reply-to-address-50a1499f | |
Service abuse: Dropbox share from new domain | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-dropbox-share-from-new-domain-0e664bd9 | |
Service abuse: Dropbox share with suspicious sender or document name | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-dropbox-share-with-suspicious-sender-or-document-name-27007c9f | |
Service Abuse: ExactTarget with suspicious sender indicators | Sublime Security | 2mo ago Nov 8th, 2025 | /feeds/core/detection-rules/service-abuse-exacttarget-with-suspicious-sender-indicators-6154f197 | |
Service abuse: FlipHTML5 with attachment deception and credential theft language | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-fliphtml5-with-attachment-deception-and-credential-theft-language-02464799 | |
Service abuse: Free provider with SendGrid routing | Sublime Security | 16d ago Jan 8th, 2026 | /feeds/core/detection-rules/service-abuse-free-provider-with-sendgrid-routing-3079cacb | |
Service Abuse: GoDaddy infrastructure | Sublime Security | 17d ago Jan 7th, 2026 | /feeds/core/detection-rules/service-abuse-godaddy-infrastructure-8a2dd357 | |
Service abuse: Google application integration redirecting to suspicious hosts | Sublime Security | 1mo ago Dec 17th, 2025 | /feeds/core/detection-rules/service-abuse-google-application-integration-redirecting-to-suspicious-hosts-473d3247 | |
Service abuse: HelloSign from an unsolicited sender address | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/service-abuse-hellosign-from-an-unsolicited-sender-address-68ca0753 | |
Service Abuse: HelloSign share with suspicious sender or document name | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-hellosign-share-with-suspicious-sender-or-document-name-464d98f3 | |
Service abuse: Monday.com infrastructure with phishing intent | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-mondaycom-infrastructure-with-phishing-intent-a346e3b1 | |
Service abuse: Payoneer callback scam | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-payoneer-callback-scam-b7fb174c | |
Service abuse: QuickBooks notification from new domain | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-quickbooks-notification-from-new-domain-c4f46473 | |
Service abuse: QuickBooks notification with suspicious comments | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-quickbooks-notification-with-suspicious-comments-a23d0950 | |
Service abuse: SendGrid-formatted link with actor-controlled fragment | Sublime Security | 2mo ago Nov 24th, 2025 | /feeds/core/detection-rules/service-abuse-sendgrid-formatted-link-with-actor-controlled-fragment-cb511fe9 | |
Service abuse: SurveyMonkey survey from newly registered domain | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-surveymonkey-survey-from-newly-registered-domain-50a85fa7 | |
Service abuse: Suspicious Zoom Docs link | Sublime Security | 1mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/service-abuse-suspicious-zoom-docs-link-064b2594 | |
Service abuse: Task management message sent via SendGrid | Sublime Security | 3mo ago Oct 6th, 2025 | /feeds/core/detection-rules/service-abuse-task-management-message-sent-via-sendgrid-568a63f5 | |
Service abuse: Wix redirect through bulk mailer domains | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-wix-redirect-through-bulk-mailer-domains-60af216d | |
Sharepoint file share with suspicious recipients pattern | Sublime Security | 2y ago Mar 27th, 2024 | /feeds/core/detection-rules/sharepoint-file-share-with-suspicious-recipients-pattern-998a0826 | |
Sharepoint online with external recipients and external display name | @vector_sec | 3y ago Aug 17th, 2023 | /feeds/core/detection-rules/sharepoint-online-with-external-recipients-and-external-display-name-5579bb4b | |
Shopify infrastructure abuse | Sublime Security | 2y ago Nov 13th, 2024 | /feeds/core/detection-rules/shopify-infrastructure-abuse-844ff164 | |
Spam: BlackBaud infrastructure abuse | Sublime Security | 2y ago Jan 17th, 2024 | /feeds/core/detection-rules/spam-blackbaud-infrastructure-abuse-3db46591 | |
Spam: Fake photo share | Sublime Security | 2mo ago Nov 8th, 2025 | /feeds/core/detection-rules/spam-fake-photo-share-eb086f7d | |
Spam: Firebase password reset from suspicious sender | Sublime Security | 1mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/spam-firebase-password-reset-from-suspicious-sender-a2f673a9 | |
Spam/fraud: Predatory journal/research paper request | Sublime Security | 2mo ago Nov 3rd, 2025 | /feeds/core/detection-rules/spamfraud-predatory-journalresearch-paper-request-263ca56b | |
Spam: Image as content with hidden HTML element | Sublime Security | 5h ago Jan 23rd, 2026 | /feeds/core/detection-rules/spam-image-as-content-with-hidden-html-element-5de8861f | |
Spam: Unsolicited malformed PDF | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/spam-unsolicited-malformed-pdf-f0c50031 | |
Subject and sender display name contains matching long alphanumeric string | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/subject-and-sender-display-name-contains-matching-long-alphanumeric-string-a8a0c831 | |
Subject: Suspicious bracketed reference | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/subject-suspicious-bracketed-reference-663dbce4 | |
Suspected cross-site scripting (XSS) found in subject | Sublime Security | 4mo ago Sep 4th, 2025 | /feeds/core/detection-rules/suspected-cross-site-scripting-xss-found-in-subject-8a946cfa | |
Suspected lookalike domain with suspicious language | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspected-lookalike-domain-with-suspicious-language-3674ced0 | |
Suspicious attachment: Duplicate decoy PDF files | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/suspicious-attachment-duplicate-decoy-pdf-files-79b9b2e7 | |
Suspicious attachment with unscannable Cloudflare link | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-attachment-with-unscannable-cloudflare-link-00f92b6f | |
Suspicious DocuSign share from new domain | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/suspicious-docusign-share-from-new-domain-d430a1f3 | |
Suspicious link to Looker Studio (lookerstudio.google.com) from a new and unsolicited sender | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-link-to-looker-studio-lookerstudiogooglecom-from-a-new-and-unsolicited-sender-dbb50cb4 | |
Suspicious message with unscannable Vercel link | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/suspicious-message-with-unscannable-vercel-link-b5acffe7 |