ResearchBuzz: FirehoseThe Register: Zendesk users targeted as Scattered Lapsus$ Hunters spin up fake support sites. “Scattered Lapsus$ Hunters may be circling Zendesk users for its latest extortion campaign, with new phishing domains and weaponized helpdesk tickets uncovered by ReliaQuest.”
TechNaduScattered Lapsus$ Hunters is running a large-scale phishing campaign impersonating Zendesk.
• 40+ typosquatted domains
• Fake SSO pages for credential harvesting
• Malicious tickets submitted to real Zendesk helpdesks
• RAT deployment attempts via support workflows
The campaign closely aligns with the group’s previous Salesforce-focused attacks.
Reddit Tech VN Bot"Thêm AI và tự động hóa cho Zendesk! Công cụ mới cho phép tích hợp AI, định tuyến thông minh và tự động hóa quy trình trên Zendesk. Tính năng: AI trả lời, định tuyến thông minh, tự động hóa quy trình lặp đi lặp lại. Tìm kiếm phản hồi từ người dùng Zendesk! #Zendesk #AI #TựĐộngHóa #CX #SaaS"
https://www.reddit.com/r/SaaS/comments/1orj6nc/looking_for_feedback_adding_ai_agents_routing_and/
CybersecKyleEmail Bombs Exploit Lax Authentication in Zendesk https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/
Tom LorenzI rarely travel for business, but eight years ago I went to the #Zendesk Relate conference in NYC and had an amazing time. Stayed at the Ace Hotel (also amazing) and could see the Empire State Building from my room. Luckily there was a Chipotle around the corner, so dinner was a no-brainer.
The New Oil#Email Bombs Exploit Lax Authentication in #Zendesk
https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/
The Threat CodexEmail Bombs Exploit Lax Authentication in Zendesk
#Zendesk
https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/
#Zendesk
https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/
ITSEC NewsEmail Bombs Exploit Lax Authentication in Zendesk - Cybercriminals are abusing a widespread lack of authentication in the customer service pl... https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/ #thewashingtonpost #alittlesunshine #latestwarnings #thecomingstorm #carolyncamoens #webfraud2.0 #comptia #discord #nordvpn #zendesk #capcom #tinder #gmac
GripNews🌘 Zendesk的驗證漏洞遭濫用,引發大規模「電子郵件炸彈」攻擊
➤ 無辜的客戶支援平臺竟成網路攻擊的溫牀
✤ https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/
網路犯罪分子正利用客戶服務平臺Zendesk普遍存在的驗證寬鬆問題,大規模發送惡意訊息,偽裝成來自數百家Zendesk企業客戶的郵件,轟炸目標的電子郵件信箱。攻擊者透過Zendesk平臺,利用客戶自行設定的匿名郵件提交功能,發送夾帶威脅或侮辱性內容的郵件,並能自訂寄件者名稱。儘管Zendesk聲稱設有流量限制,但仍無法阻止此次大規模攻擊。該事件凸顯了在處理客戶支援請求時,若未對寄件者進行適當驗證,可能導致品牌聲譽受損,並被惡意利用於大規模的騷擾郵件攻擊。
+ 這真是太離譜了!Zendesk應該為他們的客戶安全負起責任,這種預設讓任何人都能隨意寄送郵件的功能根本就是個安全隱患。
+ 這類攻擊確實很煩人,但我也認為使用Zendesk的企業客戶也有
#網路安全 #詐騙 #漏洞 #Zendesk #電子郵件
➤ 無辜的客戶支援平臺竟成網路攻擊的溫牀
✤ https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/
網路犯罪分子正利用客戶服務平臺Zendesk普遍存在的驗證寬鬆問題,大規模發送惡意訊息,偽裝成來自數百家Zendesk企業客戶的郵件,轟炸目標的電子郵件信箱。攻擊者透過Zendesk平臺,利用客戶自行設定的匿名郵件提交功能,發送夾帶威脅或侮辱性內容的郵件,並能自訂寄件者名稱。儘管Zendesk聲稱設有流量限制,但仍無法阻止此次大規模攻擊。該事件凸顯了在處理客戶支援請求時,若未對寄件者進行適當驗證,可能導致品牌聲譽受損,並被惡意利用於大規模的騷擾郵件攻擊。
+ 這真是太離譜了!Zendesk應該為他們的客戶安全負起責任,這種預設讓任何人都能隨意寄送郵件的功能根本就是個安全隱患。
+ 這類攻擊確實很煩人,但我也認為使用Zendesk的企業客戶也有
#網路安全 #詐騙 #漏洞 #Zendesk #電子郵件
N-gated Hacker News💣💌 Oh, look! #Cybercriminals have discovered the ancient art of sending emails. Apparently, #Zendesk is the new battleground for evil masterminds who can't hack anything more complicated than a help desk. 🎉🔒
https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/ #cybersecurity #email #hacks #helpdesk #HackerNews #ngated
https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/ #cybersecurity #email #hacks #helpdesk #HackerNews #ngated