Monday.com removes "Share Update" feature abused for phishing attacks

Project management platform Monday.com has removed its "Share Update" feature after threat actors abused it in phishing attacks.
On Tuesday, Monday.com customers told BleepingComputer they were concerned that the company was compromised after receiving phishing emails from its email accounts.
After BleepingComputer contacted Monday.com about the phishing attacks earlier this week, the company said today that the attacks were conducted through its 'Share Update' feature.
"We were made aware of the misuse of a monday.com feature named "Share Update," which allows users to share an update with someone who isn't a member of their account," a Monday.com spokesperson told BleepingComputer.
"Unfortunately, a user misused this feature by sending a phishing message. We promptly suspended this user and removed the feature."
"This feature has no connection to data hosted on monday.com or access to any customer accounts or data. We have reached out and shared precautions with the email recipients of the phishing message."