Community Discussions

Recent Discussions

XRed Malware Campaign Targets Multinational Organizations : 10 December 2025
Key Points Malware campaign impersonating the Indian Ministry of Finance and Income Tax Department Low-volume, strategically targeted campaign predominantly spanning financial services, professional services, and corporate services sectors across UK and US businesses with entity in India VBS script downloads and executes…
Holiday Party Invitations Deliver Remote Access Tools : 5 December 2025
Key Points Threat actors are leveraging the holiday season by impersonating legitimate party invitation services like Punchbowl to distribute remote monitoring and management (RMM) tools Targeting US businesses predominately in the Finance, Professional Services (Accounting, Legal) and Real Estate industries Links within…
Introducing Multi-Vector Threat Protection
Introducing Multi-Vector Threat Protection: Correlated Intelligence, Complete Protection We're excited to announce the general availability of Multi-Vector Threat Protection for Email Security Cloud Gateway customers with CyberGraph or Advanced BEC Protection. This enhanced capability represents a significant evolution in…
What Would You Like to Discuss
Good day Community, I opened this area to share thoughts about general cybersecurity topics and themes without focusing on Mimecast products. Since this is for you, what would you like to discuss? The Lounge is a special corner of our community: a space where conversations can flow freely, and YOU get to guide the topics…
Introducing Search & Discover for Email
A Powerful Enhancement for Cloud Archive Customers In today's workplace, business communications go well beyond email. With instant messaging apps like Teams and Slack, file sharing, and numerous collaboration platforms, critical data is spread across multiple channels. Finding and governing this information quickly is…
Creating Effective Holiday Shopping Phishing Templates
As the holiday season approaches, cybercriminals ramp up their efforts to exploit shoppers’ excitement for deals and promotions. Crafting realistic phishing templates that mimic the offers from popular retailers is a crucial step in preparing security awareness training for employees and customers alike. In this…
Update: Impact of New Outlook on Mimecast Products - December 2025
We're providing this update to keep you informed about our progress on delivering Mimecast functionality within Microsoft's New Outlook environment. As we approach the late 2025 timeframe for our intermediate solution, we want to ensure all customers understand where we are and what to expect in the coming months. Since…
HR Bonus-Themed QR Code Phishing Campaign Exploiting Year-End Corporate Processes : 21 November 2025
Key Points Threat Type: Credential harvesting via QR code phishing Brand Impersonated: DocuSign, company HR departments Primary Vector: Compromised email accounts sending PDF attachments with embedded QR codes Campaign Overview The Mimecast Threat Research team has identified an active credential harvesting campaign…
New Employee Phishing Campaign Targets Microsoft 365 Credentials : 05 November 2025
Key Points Credential harvesting campaign impersonating new employee notifications across multiple organizations Multi-stage attack flow utilizing fake verification pages and CAPTCHA to evade detection Leverages FlowerStorm phishing-as-a-service platform with Adversary-in-the-Middle capabilities to bypass MFA Campaign…
Common Social Engineering Lures Used to Deploy Remote Monitoring Management Tools for Initial Access
10 October 2025 Key Points Continued shift from traditional malware delivery to abuse of legitimate Remote Monitoring and Management (RMM) tools for initial access Campaigns targeting organizations across multiple industries using social engineering lures including fake payment receipts, meeting invitations, and tax…
Mail enabled Distribution lists - Allow/Block for/from External Senders
Good day, we are a large school board in Canada with 10,000 staff and 85,000 students. Our AD Groups are 20,000+ in numbers. Our current Directory Sync is via Azure which has imported ALL of the groups and not just the mail enabled ones. Our intent is to only allow a small group of external senders to be allowed to email…
A Christmas Movie: Yes or No?
Holiday Party Invitations Deliver Remote Access Tools : 5 December 2025
Key Points Threat actors are leveraging the holiday season by impersonating legitimate party invitation services like Punchbowl to distribute remote monitoring and management (RMM) tools Targeting US businesses predominately in the Finance, Professional Services (Accounting, Legal) and Real Estate industries Links within…
The Impact of New Outlook on Mimecast Products: What You Need to Know
[info callout] An update has been published that contains more recent information. Please see the latest information here. Microsoft's New Outlook represents a significant shift in how organizations interact with their email systems. This transition has important implications for Mimecast customers using products like…
Introducing Human Risk Scorecards for End Users in Mimecast Engage
Mimecast Engage’s new Human Risk Scorecards for end users put actionable security insights directly in your people’s hands—helping everyone understand, own, and improve their role in protecting your organization. See Your Security Impact—One User at a Time Mimecast is excited to announce the launch of Human…
URL Pre Scanning Available Now!
Stop Malicious URLs Before They Reach Your Users Inbox Email security is evolving, and Mimecast is leading the charge with a fundamental shift in how we protect your organization from URL-based threats. We're excited to announce URL Pre-Delivery Scan—a capability that transforms our approach from reactive protection to…
Verification code stripped out of emails
Good evening, we have some users in Australia who use a company called Telstra as their communication / internet provider. For some unusual reason when they send verification emails containing a code, it is stripped out completely from the body of the email. The actual email arrives but with nothing in the body. Is this…
How are links like this created?
I found a link like this, it redirects you to a link https://url.us.m.mimecastprotect.com/s/sVS7CQWBkofX58jyFx1sOD?domain=github.com, How is it created?
Building a Realistic and Global Phishing Simulation Library
In today’s digital landscape, phishing attacks remain one of the most persistent threats to individuals and organizations alike. To empower security teams with robust simulation tools that reflect the evolving tactics of cybercriminals, our team embarked on a project to develop a comprehensive set of phishing templates.…
10 Emerging Cyber Threats To Watch Closely In 2026
Good day Community - I found this article in Cyber Management Alliance and wanted to share it and get your thoughts: no surprise AI is on the list 😎 "Emerging cyber threats are racing through blind spots that didn’t even exist a year ago. What used to be a “rare exploit” is now a Tuesday afternoon. And the problem is that…