Security News > 2024 > May > Monday.com removes "Share Update" feature abused for phishing attacks
Project management platform Monday.com has removed its "Share Update" feature after threat actors abused it in phishing attacks.
On Tuesday, Monday.com customers told BleepingComputer they were concerned that the company was compromised after receiving phishing emails from its email accounts.
After contacting Monday.com about the phishing attacks earlier this week, they told BleepingComputer today that the attacks were conducted through their 'Share Update' feature.
"We were made aware of the misuse of a monday.com feature named"Share Update," which allows users to share an update with someone who isn't a member of their account," a Monday.com spokesperson told BleepingComputer.
"Unfortunately, a user misused this feature by sending a phishing message. We promptly suspended this user and removed the feature."
"This feature has no connection to data hosted on monday.com or access to any customer accounts or data. We have reached out and shared precautions with the email recipients of the phishing message."
News URL
Related news
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Low-tech phishing attacks are gaining ground (source)
- MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks (source)