Cybercriminals are exploiting lax authentication protocols in Zendesk's customer support platform to send a deluge of spam emails from various corporate accounts, overwhelming targeted inboxes. Zendesk acknowledged the issue, stating that customers can configure their systems to allow anonymous ticket submissions, which can be manipulated for spam purposes. The company is investigating further security measures to prevent such abuse while recommending customers implement authenticated workflows for ticket creation.

VoidProxy is a new phishing service that effectively bypasses multi-factor authentication (MFA) from major platforms such as Microsoft and Google. It allows cybercriminals to exploit vulnerabilities in the MFA process, increasing the risk of account breaches for users who rely on these security measures. The service is designed to steal user credentials and session tokens, making it a significant threat to online security.

Amazon has taken action to block an APT29 campaign that was targeting Microsoft device code authentication. This intervention is part of ongoing efforts to thwart sophisticated cyber threats and protect user data against malicious actors exploiting vulnerabilities.