We recently published research that explored open redirect vulnerabilities. In the blog, we discussed how a subdomain of citi[.]com using CHEETA-Mail infrastructure was redirecting users to phishing pages targeting Microsoft 365 login pages. Our Threat Analysts have continued their research, and we’
I’m not even sure how you’d frame this to users beyond “just don’t trust any links in the email”. Sounds like we might just need to accept the fact that email is unreliable. :/
I’m not even sure how you’d frame this to users beyond “just don’t trust any links in the email”. Sounds like we might just need to accept the fact that email is unreliable. :/