We’re thrilled to announce our $60M series B to build the new standard for email security! ✉️ 🚀. Thank you to our customers, community, partners, and investors for trusting us. We could not be more excited to build the future of email security with you. Founder & CEO @jkamdjou

Headed to #BlackHat? Come see how Sublime is redefining email defense. 🛡️ Booth #3246 – Meet the team & grab swag.🤖 Catch our talk: Machine vs. Machine.💬 Book a 1:1 with our founders.Modern threats demand a modern defense. 🔗

AutoIT-based malware attacks are not slowing down. In a recent campaign, bad actors sent emails to German speakers that promised explicit videos, but delivered a malicious AutoIT loader. Learn about the attack and the evasions it used, like anti-analysis techniques and the

🎯 Detecting Scattered Spider: Tactics, Techniques, and Email Defense Strategies. We're hosting a webinar to examine Scattered Spider's evolving TTPs, with particular focus on email-centric attacks. July 31 @ 12pm ET / 9am PT. Register here:

Attacks using Zoom Docs to impersonate brands are on the rise. We recently detected a credential phishing attack targeting Xfinity accounts that used Zoom Docs to impersonate Xfinity branding. Learn about the attack and its detection signals:

Zoom is the latest trusted service bad actors are exploiting to deliver malicious messages. In this recent attack, Zoom Events and Zoom Docs are used to deliver an adversary in the middle (AITM) credential phishing payload with a fake Microsoft login page:

In Q1 2025, our research data showed X (formerly Twitter) to be the third-most abused service for email attacks. Learn about a recent credential phishing attack in which a bad actor used the X link shortener (t[.]co) to try to hide a malicious URL:

At Sublime, we don’t just build powerful detection tools 📷 — we empower the community to use them. Over the years, our users have created, tested, and contributed some incredible custom rules to our Core Feed. Today, we’re spotlighting a few standouts from the Sublime Community

We’ve been seeing lapsed legitimate domains get purchased by bad actors and used to evade detection. In a recent attack, a domain that once belonged to a law firm was used to deliver a credential phishing payload that featured multiple evasion detection techniques. Learn more:

What you'll learn:.🔹 Why legacy email security falls short and what to do instead.🔹 How to streamline detection, investigation, and response workflows.🔹 Real-world examples of flexible, precision-based email defense.

Attackers are using GenAI to launch faster, more evasive phishing campaigns - especially in highly targeted industries. Traditional tools can’t keep pace. Join us on June 23 at 12pm ET / 9am PT for a practical discussion on how teams are rethinking email security in today’s

We’re honored to be named to @redpoint’s 2025 #InfraRed100, spotlighting the most transformative infrastructure companies!. Big thanks to the team at @Redpoint congrats to our fellow innovators. →

Big thank you to @TechAnnouncer for including Sublime in their list of 5 cybersecurity startups “blowing up right now.”. We’re rethinking how defenders detect and respond to email threats—with a modular platform built for openness, customization, and control. Read more:.

Big news: Sublime Security was named a Rising in Cyber 2025 honoree by @notablecap!. Recognized at the @NYSE and voted on by nearly 150 CISOs & security leaders. Proud to be building the future of email security with precision + transparency. 🔗

ClickFix attacks have been on the rise and now we’re seeing it used to deliver DCRat malware. Learn about this attack that uses JavaScript to silently copy a malicious command to a target’s clipboard and then provides fake “verification” steps to run the command:

Our ML team built an agentic AI analyst capable of performing almost all of the same tasks as a human email security analyst. We introduced ASA a few weeks back, now we want to give you a peek under the hood. Learn about our approach to building our Autonomous Security Analyst:

We’ve seen an increase in attackers delivering ScreenConnect as a malicious payload. Often, it was delivered via a linked Canva file with the payload disguised as a legitimate PDF download. These attacks are multi-layered and designed to evade security controls. Learn more:

We are frequently seeing new services being abused in Living Off Trusts Sites (LOTS) attacks. In a recent attack, a bad actor tried to evade detection by putting a malicious payload in a linked Figma file delivered from a compromised vendor account. Learn about the attack:

Get the full report and see the other trends and key insights here:

BEC and related social engineering attacks continue to represent the highest financial cybercrime risk to most organizations. This attack type sees a wide variety of tactics and techniques.

Living off Trusted Services (LOTS) attacks now account for 8% all attacks. Within our telemetry, we found that these were the most frequently abused services: