IRONSCALES Attack Research Archives

Best of the Worst: Five Attacks That Cleared Authentication and Landed Anyway

Audian Paxson | May 19, 2026 | 2026, AI, Attack of the Day, credential theft, email security, IRONSCALES Attack Research, Phishing, SOC

TL;DR This week's pattern is authentication-passing phishing. The five attacks below cleared SPF, DKIM, DMARC, or some combination of them, and landed in inboxes anyway. One came from a purpose-built Microsoft 365 ...

Blog

Best of the Worst: The Week Your Security Tools Became the Disguise

Audian Paxson | April 6, 2026 | 2026, AI, Attack of the Day, credential theft, email security, IRONSCALES Attack Research, Phishing, SOC, vishing

TL;DR This week's Attack of the Day posts revealed a clear pattern: attackers are deliberately routing attacks through legitimate security and platform infrastructure so the tools themselves become trust signals. TitanHQ and ...

Blog

The DocuSign Email That Wasn’t – A Three-Redirect Credential Harvest

Themis | March 3, 2026 | IRONSCALES Attack Research

TL;DR Attackers sent a convincing DocuSign notification with a "Review & Sign" button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, ...

Blog

Microsoft and IRONSCALES Crack Down on the Direct Send Exploit

James Savard | August 29, 2025 | 2025, IRONSCALES Attack Research

Back in Part 1, we walked through how attackers are using Microsoft 365’s Direct Send feature to spoof internal emails, making those messages look like they’re coming from a trusted domain ...

Blog

Inside Job: Attackers Are Spoofing Emails with M365’s Direct Send

James Savard | July 31, 2025 | IRONSCALES Attack Research, m365, spoofing

Over the past three months, our threat analysts have noticed a significant spike in attackers abusing Microsoft 365’s Direct Send feature—a tool intended for devices like printers or scanners to send internal ...

Blog

IRONSCALES Attack Research

Best of the Worst: Five Attacks That Cleared Authentication and Landed Anyway

Best of the Worst: The Week Your Security Tools Became the Disguise

The DocuSign Email That Wasn’t – A Three-Redirect Credential Harvest

Microsoft and IRONSCALES Crack Down on the Direct Send Exploit

Inside Job: Attackers Are Spoofing Emails with M365’s Direct Send

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On