Popular project management and collaboration tool Monday.com was forced to disable one of its features after it was abused by a threat actor to send out phishing emails.
The “Share Update” feature allows users to share real-time updates, progress, or important information with team members, or stakeholders. Users can post updates, attach files or images, mention specific team members, and even set up automatic notifications for certain updates.
But a threat actor has now hijacked the feature to send out mass emails to people outside their account, leading to monday.com having to temporarily disable it.
No customer data compromised
The company told BleepingComputer it was made aware of phishing emails seemingly coming from its email accounts. The emails were sent via SendGrid, and were…
Source link