MEDIUMMalware
Global

The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines

Tuesday, April 7, 2026 at 10:00 AM UTC·Source: Cisco Talos

Updated: Tuesday, April 7, 2026 at 10:01 AM UTC

Executive Summary

Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails.

Analysis

Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails.
Source Attribution

Originally published by Cisco Talos on Apr 7, 2026.

Related Threats

CRITICALMalware

Understanding Current Threats to Kubernetes Environments

Unit 42 uncovers escalating Kubernetes attacks, detailing how threat actors exploit identities and critical vulnerabilities to compromise cloud environments. The post Understanding Current Threats to Kubernetes Environments appeared first on Unit 42 .

Unit 42 (Palo Alto)
MEDIUMMalware

When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications

Unit 42 research on multi-agent AI systems on Amazon Bedrock reveals new attack surfaces and prompt injection risks. Learn how to secure your AI applications. The post When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications appeared first on Unit 42 .

Unit 42 (Palo Alto)
LOWMalware

Security lapse lets researchers view React2Shell hackers’ dashboard

An apparent security lapse has allowed researchers to peer into the work of a threat group currently exploiting unpatched servers open to the four-month-old React2Shell vulnerability to steal login credentials, keys, and tokens at scale. Researchers from Cisco Systems’ Talos threat intelligence team who made the discovery said Thursday that the data harvested by an unattributed group they call UAT

CVE-2025-55182
CSO Online