Sublime Security Blog

Blog URL

sublime.security/blog

Posts YTD

1 ↓ vs 3 last year

Avg Posts/Month

1.3 since 2022

Monthly Post Volume

Start year: 2023 2024 2025 2026

Post Details

Search:

Title	Author	Published	Words	HN Pts
Combating GenAI Email Attacks with BERT LLM	Aryan Luthra	2024-10-21	1,512	--
Everything old is new again: 3 trends from Black Hat USA, BSides …	Andrew Becherer	2025-08-18	832	--
Key findings from the Q1 2025 Sublime Email Threat Research Report	Machine Learning Team	2025-04-28	580	--
Tycoon 2FA credential phishing with cloned internal employee login	Peter Djordjevic	2025-03-27	702	--
Direct Send abuse on Microsoft 365: Just another failed authentication	Peter Djordjevic	2025-10-23	1,629	--
Microsoft OAuth URL used as redirect to AITM credential phishing site	Brandon Murphy	2025-03-20	632	--
Email bomb detection and prevention with Sublime	Dr. Anna Bertiger	2025-08-28	855	--
Detecting an email-based ClickFix attack that delivers DCRat malware payload	Josh "Soup" Campbell	2025-05-29	898	--
Hiding a $50,000 BEC financial fraud in a fake email thread	Sam Scholten	2025-01-07	825	--
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits	Brandon Webster	2025-02-18	1,326	--
How ASA thinks: The technical architecture of Sublime's Autonomous Security Analyst	Aryan Luthra	2025-05-15	1,573	--
5 email security trends from 2025	Brian Baskin	2025-12-29	785	--
Detecting Credential Phishing using Deep Learning + MQL	Bobby Filar	2023-03-30	1,017	--
Figma abuse from compromised vendor used in credential theft attack	Sam Scholten	2025-04-30	475	--
Fake invoice used to conduct $16,800 BEC attempt	Threat Detection Team	2024-06-26	249	--
Living Off the Land: Credential Phishing via Docusign abuse	Brandon Murphy	2024-11-14	580	--
Sublime NLU 3.0: Faster, more accurate, future-proof defense against AI email attacks	Aryan Luthra	2025-08-13	905	--
Sublime raises Series B to... keep doing what we've been doing, but …	Josh Kamdjou	2024-12-12	734	--
You've been invited to join a Meta for Business scam!	Luke Wescott	2025-11-21	872	--
Sublime Attack Score: Explainable, AI-backed threat analysis	Bobby Filar	2024-06-10	783	--
Elastic + Sublime: Adding email to your security and observability stack	AJ Williams	2025-04-17	749	--
Introducing ASA: The Autonomous Security Analyst for email	AJ Williams	2025-04-23	536	--
ICS phishing: Stopping a surge of malicious calendar invites	Ahry Jeon	2025-11-03	1,131	--
Who are you trying to April Fool with that email scam?	Threat Detection Team	2025-04-01	627	--
Living Off the Land: Callback Phishing via Docusign comment	Brandon Murphy	2024-11-06	422	--
Seeing both sides of a service abuse financial fraud using YOPmail disposable …	Josh "Soup" Campbell	2025-03-13	659	--
Community Spotlight: Email Detection Rules built by the Sublime Community	Threat Detection Team	2025-06-18	760	--
Detecting malicious AnonymousFox email messages sent from compromised sites	Sam Scholten	2024-12-04	571	--
AITM phishing with Russian infrastructure and detection evasion from a lapsed domain	Brandon Murphy	2025-06-12	3,134	--
Callback phishing with online appointment abuse and distribution lists	Brandon Webster	2025-09-04	727	--
Abusing Discord to deliver Agent Tesla malware	Threat Detection Team	2024-07-02	301	--
Sublime raises $150M Series C to arm defenders for the post-LLM world	Josh Kamdjou	2025-10-28	346	--
QR Code Phishing: Decoding Hidden Threats	Sam Scholten	2023-10-04	1,372	--
Announcing our $20M Series A to redefine email security	Josh Kamdjou	2024-04-24	1,448	--
Call Me Maybe? The Rise of Callback Phishing Emails	Sam Scholten	2023-09-06	1,354	--
Salesforce infrastructure abuse: Stopping email scams and spam sent via SFDC	Brandon Murphy	2025-11-13	1,011	--
Talking phish over turkey	Brandon Murphy	2024-11-27	997	--
Adversarial ML: Extortion via LLM Manipulation Tactics	Threat Detection Team	2024-10-30	572	--
Enhanced message groups: Improving efficiency in email incident response	AJ Williams	2025-01-24	918	--
Google Careers impersonation credential phishing scam with endless variation	Brandon Murphy	2025-10-14	1,261	--
Correlate Sublime Logs in Panther for Centralized Threat Detection	Robbie Adams	2024-09-26	685	--
Email Topic Modeling: Simplifying detection with ML-powered granularity	Aryan Luthra	2025-02-07	992	--
TROX Stealer: A deep dive into a new Malware as a Service …	Threat Research Team	2025-04-10	2,586	--
Scripting Vector Grifts: SVG phishing with smuggled JS and adversary in the …	Brandon Murphy	2025-02-25	742	--
Keitaro TDS abused to deliver AutoIT-based loader targeting German speakers	Bryan Campbell	2025-07-24	1,532	--
UK Home Office visa & immigration scam targets Sponsor Management System accounts	Bryan Campbell	2025-10-08	974	--
Living Off Trusted Sites: Zoom service abuse to deliver credential phishing attack	Josh "Soup" Campbell	2025-07-02	521	--
Introduction to Message Query Language (MQL)	Ross Wolf	2023-03-24	1,562	--
Facebook credential phishing with job scams impersonating well-known companies	Bryan Campbell	2025-10-16	651	--
Evolving our brand as Sublime grows	Omar Jalalzada	2025-12-16	849	--
Hidden credential phishing within EML attachments	Aiden Mitchell	2024-11-20	395	--
Unmasking BEC attacks using Natural Language Understanding + MQL	Bobby Filar	2023-04-18	1,093	--
ScreenConnect as malware via Canva abuse and Docusign impersonation	Brian Baskin	2025-05-08	1,527	--
Callback phishing via invoice abuse and distribution list relays	Brandon Murphy	2024-12-19	1,039	--
How to build fast similarity search for email from the ground up	Ross Wolf	2025-12-18	2,932	--
Welcoming Andrew Becherer as Sublime's CISO	Josh Kamdjou	2025-04-21	311	--
Phishing for Xfinity credentials with malicious Zoom Docs	Brandon Webster	2025-07-17	549	--
Sublime's AI agents are just the tip of the platform	Aryan Luthra	2025-12-04	1,460	--
Credential phishing Charles Schwab account holders with 2FA bypass	Aiden Mitchell	2025-01-29	417	--
Detecting QakBot: WSF attachments, OneNote files, and generic attack surface reduction	Sam Scholten	2023-04-12	849	--
More than "plausible nonsense": A rigorous eval for ADÃ, our security coding …	Bobby Filar	2025-09-25	1,673	--
Fake Meta Ads Manager in App Store and TestFlight used to phish …	Brandon Webster	2025-09-23	816	--
$500K financial fraud built on BEC, a domain lookalike, and a fake …	Sam Scholten	2025-04-03	687	--
Introducing Sublime: A new, open approach to email security	Josh Kamdjou	2023-02-22	1,197	--
Using the X/Twitter link shortener (t.co) to hide an AITM credential phishing …	Brandon Webster	2025-06-25	504	--
Multi-RMM attack: Splashtop Streamer and Atera payloads delivered via Discord CDN link	Josh "Soup" Campbell	2025-07-31	600	--
Payroll Fraud via LLM-Generated Emails	Threat Detection Team	2024-08-30	532	--
Automatic malicious calendar event remediation	Ahry Jeon	2025-12-09	368	--
Technical deep dive of NLU 3.0: Modular, multi-headed, with advanced synthetic training	Stefano Meschiari	2025-08-26	959	--
B2B freight-forwarding scams on the rise to evade financial fraud crackdowns	Sam Scholten	2024-12-17	976	--
Xloader deep dive: Link-based malware delivery via SharePoint impersonation	Threat Research Team	2024-12-11	1,975	--
Impersonated Evite and Punchbowl invitations used for credential phishing and malware distribution	Brandon Webster	2025-10-02	1,071	--
Meet ADÃ: The Autonomous Detection Engineer for email	AJ Williams	2025-09-11	655	--
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques	Sam Scholten	2024-03-23	1,135	--
Base64-encoding an SVG attack within an iframe and hiding it all in …	Sam Scholten	2025-03-06	848	--
HostPapa abuse treasure trove discovered in GoDaddy email threat hunt	Peter Djordjevic	2026-01-06	1,399	--

Plushcap, by Matt Makai. 2021-2026.