Security News > 2024 > May > Monday.com removes "Share Update" feature abused for phishing attacks
Project management platform Monday.com has removed its "Share Update" feature after threat actors abused it in phishing attacks.
On Tuesday, Monday.com customers told BleepingComputer they were concerned that the company was compromised after receiving phishing emails from its email accounts.
After contacting Monday.com about the phishing attacks earlier this week, they told BleepingComputer today that the attacks were conducted through their 'Share Update' feature.
"We were made aware of the misuse of a monday.com feature named"Share Update," which allows users to share an update with someone who isn't a member of their account," a Monday.com spokesperson told BleepingComputer.
"Unfortunately, a user misused this feature by sending a phishing message. We promptly suspended this user and removed the feature."
"This feature has no connection to data hosted on monday.com or access to any customer accounts or data. We have reached out and shared precautions with the email recipients of the phishing message."
News URL
Related news
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)