Find notable cyber news and cases, enriched with sources, timelines, and signals.

TOAD phishing is rising as a gateway-bypass trend in enterprise email environments

Trend
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

TOAD phishing has become a major gateway-bypass pattern in enterprise email environments, increasing the risk that scam emails reach users despite secure email defenses. The trend matters because nearly 28% of bypass detections in a December 2025-to-present dataset used this phone-number-based technique, and attackers are layering evasion methods to improve delivery. It also shows that the same approach can work across Microsoft- and Google-hosted mail, reducing the value of basic filtering alone.

Related Happenings

Gravity SMTP actively exploited information disclosure flaw (CVE-2026-4020)

Vulnerability
H score16 First: 19.06.2026 23:25 Last: 19.06.2026 23:25 Sources 1

About this happening: An **actively exploited** unauthenticated information disclosure flaw in **Gravity SMTP** exposes **API keys, secrets, OAuth tokens, and email-service credentials** on sites using...

Non-email threat-detection confidence gap across collaboration channels

Trend
H score25 First: 19.06.2026 12:00 Last: 19.06.2026 12:00 Sources 1

About this happening: A survey found a broad **non-email threat-detection gap** across **Slack**, **Microsoft Teams**, and social channels, increasing exposure as attackers move beyond **email**. At **...

Microsoft Exchange Online blocks legacy TLS for POP3 and IMAP4 starting July 2026

Security Tool/Service
H score11 First: 28.04.2026 16:18 Last: 28.04.2026 16:18 Sources 1

About this happening: **Microsoft** will block **TLS 1.0** and **TLS 1.1** for **POP3/IMAP4** access to **Exchange Online** in **July 2026**, which could break legacy mail clients and embedded devices...

UNC6692 email bombing and Microsoft Teams impersonation campaign

Campaign
H score32 First: 25.04.2026 18:07 Last: 25.04.2026 18:07 Sources 1

About this happening: UNC6692 is running a **social-engineering campaign** that uses **email bombing** and **Microsoft Teams impersonation** to push targets toward remote access and initial compromise....

Email-attack shift toward behavioral and organizational weaknesses in 2026

Trend
H score44 First: 23.04.2026 14:06 Last: 23.04.2026 14:06 Sources 1

About this happening: A large-scale analysis of **almost 800,000 email attacks** across **more than 4,600 organizations** shows attackers shifting toward **behavioral and organizational weaknesses** in...

Timeline

  1. 25.02.2026 16:00 2 articles · 4mo ago

    StrongestLayer discloses TOAD phishing gateway-bypass findings

    Initial Disclosure

    StrongestLayer published analysis of roughly 5,000 email-based threat detections that bypassed secure email gateways across multiple enterprise environments between December 2025 and 2026-02-25, finding that telephone-oriented attack delivery (TOAD) accounted for nearly 28% of bypasses and typically used a fake billing notice with a phone number as the only payload. The research also tracked more than 1,400 unique evasion combinations, described multilayered delivery techniques such as PDF attachments, QR codes, URL multi-hop redirects, Google Calendar or SharePoint delivery, and noted that TOAD worked well against both Google- and Microsoft-hosted email.

    Show sources