Cybercriminals are exploiting lax authentication protocols in Zendesk's customer support platform to send a deluge of spam emails from various corporate accounts, overwhelming targeted inboxes. Zendesk acknowledged the issue, stating that customers can configure their systems to allow anonymous ticket submissions, which can be manipulated for spam purposes. The company is investigating further security measures to prevent such abuse while recommending customers implement authenticated workflows for ticket creation.

Akirabot has been identified as a malicious bot that spammed approximately 80,000 websites, primarily by exploiting vulnerabilities in outdated content management systems. The attack highlights the ongoing threat of automated bots in the cybersecurity landscape and emphasizes the need for regular updates and security measures.