Community Discussions

Recent Discussions

Phishing Templates Inspired by XRED Threat Intelligence
Our newest phishing templates for Engage are built on insights from Mimecast’s Threat Intelligence Group research into the XRED Malware Campaign (read more here). We’re delivering these templates with an eye toward the tactics used by XRED, including warnings about strict compliance windows, low-effort responses to…
Threat Actors Exploit Social Causes to Manipulate User Behavior: 10 February 2026
Key Points Phishing campaigns exploiting Pride Month themes to trigger emotional responses and bypass security awareness Campaign occurred in two distinct waves: December 2025 with 504 targets followed by January 2026 escalation to 4,768 targets, totalling 5,272 organizations across US, UK, Germany, Australia, South…
XRed Malware Campaign Targets Multinational Organizations : 10 December 2025
Key Points Malware campaign impersonating the Indian Ministry of Finance and Income Tax Department Low-volume, strategically targeted campaign predominantly spanning financial services, professional services, and corporate services sectors across UK and US businesses with entity in India VBS script downloads and executes…
Holiday Party Invitations Deliver Remote Access Tools : 5 December 2025
Key Points Threat actors are leveraging the holiday season by impersonating legitimate party invitation services like Punchbowl to distribute remote monitoring and management (RMM) tools Targeting US businesses predominately in the Finance, Professional Services (Accounting, Legal) and Real Estate industries Links within…
Holiday Party Invitations Deliver Remote Access Tools : 5 December 2025
Key Points Threat actors are leveraging the holiday season by impersonating legitimate party invitation services like Punchbowl to distribute remote monitoring and management (RMM) tools Targeting US businesses predominately in the Finance, Professional Services (Accounting, Legal) and Real Estate industries Links within…
HR Bonus-Themed QR Code Phishing Campaign Exploiting Year-End Corporate Processes : 21 November 2025
Key Points Threat Type: Credential harvesting via QR code phishing Brand Impersonated: DocuSign, company HR departments Primary Vector: Compromised email accounts sending PDF attachments with embedded QR codes Campaign Overview The Mimecast Threat Research team has identified an active credential harvesting campaign…
New Employee Phishing Campaign Targets Microsoft 365 Credentials : 05 November 2025
Key Points Credential harvesting campaign impersonating new employee notifications across multiple organizations Multi-stage attack flow utilizing fake verification pages and CAPTCHA to evade detection Leverages FlowerStorm phishing-as-a-service platform with Adversary-in-the-Middle capabilities to bypass MFA Campaign…
Common Social Engineering Lures Used to Deploy Remote Monitoring Management Tools for Initial Access
10 October 2025 Key Points Continued shift from traditional malware delivery to abuse of legitimate Remote Monitoring and Management (RMM) tools for initial access Campaigns targeting organizations across multiple industries using social engineering lures including fake payment receipts, meeting invitations, and tax…
10 Emerging Cyber Threats To Watch Closely In 2026
Good day Community - I found this article in Cyber Management Alliance and wanted to share it and get your thoughts: no surprise AI is on the list 😎 "Emerging cyber threats are racing through blind spots that didn’t even exist a year ago. What used to be a “rare exploit” is now a Tuesday afternoon. And the problem is that…
Mimecast Global Threat Intelligence Report – Policy Recommendations
Essential Mimecast Configurations Based on 2025 Global Threat IntelligenceThe cybersecurity landscape continues to evolve at breakneck speed, and our 2025 Global Threat Intelligence Report reveals concerning trends that demand immediate attention. Advanced business email compromise attacks are becoming more sophisticated,…