The $47,320 Invoice That Came With a W-9 and a Personal Bank Account 2026-05-29 True [email protected] (Audian Paxson)True The Collections Notice From a Fortune 500 Lab: Compromised Thermo Fisher Account via Oracle Cloud Relay 2026-05-28 True [email protected] (Audian Paxson)True The Contract Email That Wasn't Spelled the Way You Think: Unicode Homoglyphs, a QR Code, and a Marketing Gateway 2026-05-27 True [email protected] (Audian Paxson)True The Zoho Sign Request That Passed Every Check Except the Reply-To: Government Impersonation via E-Sign Infrastructure 2026-05-26 True [email protected] (Audian Paxson)True The FedEx Email That Salesforce Authenticated and Qualtrics Delivered: Data Harvesting Through Three Layers of Trust 2026-05-25 True [email protected] (Audian Paxson)True The SOC Alert That Came From a Compromised FinTech: An Authenticated BlueVine Sender Delivering a Typosquat Link Buried in Operational Context 2026-05-24 True [email protected] (Audian Paxson)True The Datadog Alert That Came From the Wrong Domain: Authenticated Brand Impersonation With All Links Pointing to Real Infrastructure 2026-05-23 True [email protected] (Audian Paxson)True The Warranty Form With a Windows Executable Hidden Inside a GIF 2026-05-21 True [email protected] (Audian Paxson)True The SharePoint Share That Passed Every Check: A Compromised M365 Tenant With DMARC Reject and Tokenized Links 2026-05-20 True [email protected] (Audian Paxson)True The Webinar Invite That Came With an Apple Wallet Pass and a Three-Hop Redirect Chain 2026-05-19 True [email protected] (Audian Paxson)True The Spreadsheet That Arrived Twice: CR/LF Filename Obfuscation and a Base64 Shadow Payload 2026-05-18 True [email protected] (Audian Paxson)True The Bank Statement You Had to Unlock With Your Birthday: PII-Gated PDF Evasion From Authenticated Infrastructure 2026-05-17 True [email protected] (Audian Paxson)True The Reply-To Was One Letter Off: How a Typosquat Domain Turned a Gmail BEC Into a Payment Diversion 2026-05-16 True [email protected] (Audian Paxson)True Amazon Said You Owe $879. The Phone Number Was the Payload. 2026-05-15 True [email protected] (Audian Paxson)True The .com That Wasn't the .org: TLD Confusion in a Payroll Email With an Empty Body 2026-05-14 True [email protected] (Audian Paxson)True The Spreadsheet With No Macros and One Hidden Link: External Relationships in Office XML 2026-05-13 True [email protected] (Audian Paxson)True A School Email That Passed Authentication Twice, Then Changed: Post-Signing Content Injection via Compromised .sch.uk Domain 2026-05-12 True [email protected] (Audian Paxson)True The Teams Invite That Came From the Wrong Domain: Display-Name Impersonation With All-Legitimate Links 2026-05-11 True [email protected] (Audian Paxson)True The .pro Domain That Built a Perfect M365 Tenant Just to Send One Google Docs Link 2026-05-10 True [email protected] (Audian Paxson)True Perfect Authentication, Zero Payload: The Yahoo Free-Mail BEC That Microsoft Flagged but Didn't Block 2026-05-09 True [email protected] (Audian Paxson)True The Government Email That Authenticated Itself After Transit 2026-05-08 True [email protected] (Audian Paxson)True The PayPal Invoice That Passed Every Check Because PayPal Actually Sent It 2026-05-07 True [email protected] (Audian Paxson)True A Generic Extortion Template, a Mailgun Relay, and a Domain Registered to Look Legitimate 2026-05-06 True [email protected] (Audian Paxson)True The Unsubscribe Button Was the Payload: How a Fake Health Email Weaponized Opt-Out Compliance 2026-05-05 True [email protected] (Audian Paxson)True A Fully Authenticated Bank Alert Hides Its Payload in a Phone Number 2026-05-04 True [email protected] (Audian Paxson)True The Security Tool That Delivered the $48,500 Invoice Fraud 2026-05-03 True [email protected] (Audian Paxson)True When Google Is the Phishing Infrastructure: Authenticated Credential Harvesting via Search Console 2026-05-02 True [email protected] (Audian Paxson)True Insurance Claim PDF Hides JavaScript Behind AcroForm Fields and SendGrid Redirects 2026-05-01 True [email protected] (Audian Paxson)True DocuSign Plus Invoice: A 12-Day-Old Domain and an esvalabs Redirect Chain That Scanners Missed 2026-04-30 True [email protected] (Audian Paxson)True 3 Messages on Hold: How an Authenticated Australian Domain Posed as a Security Center 2026-04-29 True [email protected] (Audian Paxson)True Three Domains, One CEO: How a Payroll Group BEC Used Mailjet to Bypass Every Filter 2026-04-28 True [email protected] (Audian Paxson)True RE: Christopher: How a Thread Hijack Rode Salesforce Marketing Cloud Into the Inbox 2026-04-27 True [email protected] (Audian Paxson)True DocuSign Phish Weaponizes Google Maps as a Redirect Proxy to Amazon S3 2026-04-26 True [email protected] (Audian Paxson)True When the Phishing Kit Ships Early: Exposed Template Variables Reveal Attack Infrastructure 2026-04-25 True [email protected] (Audian Paxson)True The Attachment Inside the Attachment: How Nested RFC822 Messages Evade Parser-Based Detection 2026-04-24 True [email protected] (Audian Paxson)True Hungarian Bank, Nepali Domain, Broken Encoding: How a K&H Bank Phishing Kit Exposed Itself 2026-04-23 True [email protected] (Audian Paxson)True Sign Here, Get Phished: Inside an Adobe Sign Lure With a Multi-Hop Redirect to Credential Theft 2026-04-22 True [email protected] (Audian Paxson)True One Missing Letter, One Stolen Payment: A Reply-To Typosquat That Beat the Spam Score 2026-04-21 True [email protected] (Audian Paxson)True The URL That Put adobe.com in the Wrong Place 2026-04-20 True [email protected] (Audian Paxson)True The Zoho Invoice That Was Four Months Late (And Kept Its Receipts on Google Drive) 2026-04-19 True [email protected] (Audian Paxson)True The PDF Scanner Couldn't Open the Attachment (But the Victim Could) 2026-04-18 True [email protected] (Audian Paxson)True An Encrypted Attachment, an Empty Body, and a Scanner That Couldn't Look Inside 2026-04-17 True [email protected] (Audian Paxson)True The DocuSign That Lived on an S3 Bucket (and Couldn't Decide Who Sent It) 2026-04-16 True [email protected] (Audian Paxson)True Past Due Invoice, Future Wire Fraud: How a BEC Campaign Passed Every Authentication Check 2026-04-16 True [email protected] (Audian Paxson)True The Childcare App That Passed Every Security Check (The Reply-To Header Didn't) 2026-04-14 True [email protected] (Audian Paxson)True The Subdomain That Fused Two Trusted Brands Into One Convincing Lie 2026-04-13 True [email protected] (Audian Paxson)True The Password Expiry Email That Hid Its Destination in a Base64 Fragment 2026-04-12 True [email protected] (Audian Paxson)True Purpose-Built Look-Alike Sending Domain Passes Full Authentication to Impersonate Training Brand 2026-04-11 True [email protected] (Audian Paxson)True The Timestamp That Gave It Away: Oracle Identity Cloud Phishing Targets K-12 with a Stale Timezone 2026-04-10 True [email protected] (Audian Paxson)True The GitLab Alert That Passed Every Filter (Except One Detail Nobody Checked) 2026-04-09 True [email protected] (Audian Paxson)True 
