Proofpoint Vulnerability Exploited in Massive Phishing Campaign

Millions of spoofed emails impersonating major brands targeted Fortune 100 companies, exploiting weak email protection settings.

The phishing campaign, named 'EchoSpoofing,' began in January 2024 and peaked at 14 million emails in a single day.
Threat actors used a flaw in Proofpoint’s email protection service to send emails that appeared to come from trusted companies like IBM, Disney, and Nike.
The emails bypassed security measures by manipulating Sender Policy Framework and DomainKeys Identified Mail signatures.
Proofpoint has issued patches and updated configurations to mitigate the vulnerability and prevent future attacks.
Organizations are advised to review and tighten their email security settings to avoid similar exploits.