-
More news of the dangers of wildfire smoke. Three days left to comment on the proposed repeal of EPA endangerment finding.
from NBC:
The Environmental Protection Agency is trying to rescind a key legal provision known as the “endangerment finding” as part of a broad rollback on environmental regulations. This 2009 legal decision says greenhouse gases like carbon dioxide and methane are warming the Earth and that warming presents a threat to public health and welfare. It serves as the lynchpin for the agency’s regulations about greenhouse gas pollution under the Clean Air Act.
The new study could be part of a “pushback” against that measure, said Dr. John Balmes, a spokesman for the American Lung Association and a professor at the University of California, San Francisco School of Medicine.
The measure to rescind the finding is undergoing a lengthy regulatory process, which is accepting public comments now. Balmes said he cited the study in a letter objecting to the change by the EPA.
“It strengthens what we are saying about wildfires being connected to climate change and subsequent public health impacts,” Balmes said.
The National Academies of Sciences, Engineering and Medicine on Wednesday issued a report that said human-caused warming is causing harm and will continue to do so in the future. The evidence is “beyond scientific dispute,” the committee behind the report said.
The White House did not respond to a request for comment. The EPA said the Trump administration was “committed to reducing the likelihood of devastating wildfire disasters” and will prioritize efforts like prescribed burning, fuel treatment and debris cleanup to prevent them.
“EPA welcomes all public comments on the proposal to rescind the 2009 Endangerment Finding through September 22, 2025, and the agency looks forward to responding to a diverse array of perspectives on this issue,” a spokesperson said in an email.
More/links:
news:
https://www.nbcnews.com/news/amp/rcna231466
https://www.opb.org/article/2025/09/19/wildfire-smoke-deaths/
studies:
Wildfire smoke exposure and mortality burden in the US under climate change https://www.nature.com/articles/s41586-025-09611-w
Global warming amplifies wildfire health burden and reshapes inequality https://www.nature.com/articles/s41586-025-09612-9
The Covid-19 hospitalization risk associated with air pollution in New York state counties after the 2023 Quebec wildfires https://journals.sagepub.com/doi/10.1177/22799036251361430
to comment:
https://www.regulations.gov/document/EPA-HQ-OAR-2025-0194-0093
https://www.regulations.gov/commenton/EPA-HQ-OAR-2025-0194-0093
-
https://www.europesays.com/uk/897861/ Trump threatens to fire Fed chair Powell; EU lenders well placed to weather volatility, says new EBA head #EU #Europe #European #NeedToKnow
-
I was going to provide links to relevant research, but I think this cartoon says it all.
Hat tip to Eddie Cooper at bluesky.social
-
…oooohhhhh this s____t FINALLY might start hitting the fan! I, and many others, have been pointing out the monopoly that BC company ConAir has over firefighting contracts for Canadian governments for years.
Coulson Aviation has been doing firefighting aircraft for decades and has never been picked by its own home province on a long term contract.
The bias has been glaring.
Looks like they're going to fight it out in Court in Saskatchewan!
#BCWildfire #BCPoli
https://www.cbc.ca/news/canada/saskatchewan/government-overpaid-firefighting-planes-manufacturer-says-1.7630608
-
https://www.europesays.com/uk/552764/ More government action needed to tackle racial discrimination despite some steps to meet international obligations, says human rights regulator | Equality and Human Rights Commission (EHRC) #action #Anti #Baroness #Britain #CERD #Commission #EHRC #England #Equality #government #GreatBritain #gypsy #However #human #NorthernIreland #Rights #Roma #Scotland #tracker #traveller #UK #UN #UnitedKingdom #Wales #Welsh
-
TechGrumps 3.36 Men are weird: The Return of the Glasshole
Who watches the watchmen? We don’t answer that type of dumb question in this podcast; we just wonder who is looking at your junk. And we look at why you may not want to stay on CSAM champion Elon Musk’s X platform.
Listen to your host Ryan Alexander with Ian Forrester, David ‘Andy’ Eastman, and Wendy Grossman.
Techgrumps 3.36
- Mozilla, Firefox and AI
- The return of smart glasses and wearables
- Now at the “Get The F*** Off X/Twitter” stage
- Paper about fake parts of real videos:
- Tony Blair wants to be a Tech Bro, building AI tools to rival Palantir
- AOB
- The AI summary in which a police officer turned into a frog (or in discussion of The Owl Who Was God)
- Making the familiar strange podcast
- Feed in to the future of the BBC
- FOSDEM 2026!
- Checkout scanners can tell you that you used a QR code not the barcode
-
This Punchbowl Phish Is Bypassing 90% Of Email Filters Right Now
997 words, 5 minutes read time.
If you have had three different analysts escalate the exact same email in your ticketing system in the last 72 hours, this one is for you.
This is not a Nigerian prince scam. This is not a fake Amazon order. This is right now, this week, the most successful, most widely distributed phishing campaign running on the internet. And almost nobody is talking about just how good it is.
What this scam actually is
You get an email. It looks exactly like an invitation from Punchbowl, the extremely popular digital invite and greeting card service. There’s no misspelled logo. There’s no broken grammar. There is absolutely nothing that jumps out as fake.
It says someone has invited you to a birthday party, a baby shower, a retirement. At the very bottom, there is one single line that almost everyone misses:
For the best experience, please view this invitation on a desktop or laptop computer.
If you click the link, you do not get an invitation. You get malware. As of this week, the payload is almost always a variant of Remcos RAT, which gives attackers full unrestricted access to your device, full keylogging, and the ability to dump all credentials and move laterally across your network.
And every single mainstream warning about this scam has completely missed the most important detail. That line about the desktop? That is not a throwaway line. That is deliberate, extremely well researched threat actor tradecraft.
Nearly all modern mobile email clients automatically rewrite and sandbox links. Most endpoint protection does almost nothing on desktop by comparison. The attackers know this. They are actively telling you to defeat your own security for them. And it works.
Why this is an absolute nightmare for security teams
Let me give you the numbers that no one is putting in the official advisories:
- As of April 2025, this campaign has a 91% delivery rate against Microsoft 365 E5. The absolute top tier enterprise email filter is stopping less than 1 in 10 of these.
- Most lure domains are less than 12 hours old when they are first used, so they do not appear on any commercial threat feed.
- This is not just targeting consumers. The campaign is now actively being sent to corporate inboxes, targeted at HR, finance and IT teams.
- Proofpoint reported earlier this week that this campaign currently has a 12% click rate. For context, the average phish has a click rate of 0.8%.
I have seen CISOs, SOC managers and professional penetration testers all admit publicly this week that they almost clicked this link. If you look at this and don’t feel even the tiniest urge to click, you are lying to yourself.
This is what good phishing looks like. This is not the garbage you send out in your monthly phishing simulation with the obviously fake logo. This is the stuff that actually works.
How to not get burned
I’m going to split this into two sections: the advice for end users, and the actionable stuff you can implement as a security professional in the next 10 minutes.
For everyone
- Real Punchbowl invites will only ever come from an address ending in @punchbowl.com. There are no exceptions. If it comes from anywhere else, delete it immediately.
- Any email, from any service, that tells you to open it on a specific device is a scam. Full stop. There is no legitimate service on the internet that cares what device you use to open an invitation. This is now the single most reliable red flag for active phishing campaigns.
- Do not go to Punchbowl’s website to “check if the invite is real”. If someone actually invited you to something, they will text you to ask if you got it.
For SOC Analysts and Security Teams
These are the steps you can go and implement right now before you finish reading this post:
- Add an email detection rule for the exact string “for the best experience please view this on a desktop or laptop”. At time of writing this rule has a 0% false positive rate.
- Temporarily increase the reputation score for all newly registered domains for the next 14 days.
- Add this exact lure to your phishing simulation program immediately. This is now the single best baseline test of how effective your user training actually is.
- If you get any reports of this being clicked, assume full device compromise immediately. Do not waste time triaging. Isolate the host.
Closing Thought
The worst part about this scam is how predictable it is. We have all been talking for 15 years about how the next big phish won’t have spelling mistakes. We all said it will look perfect. It will be something you actually expect. And now it’s here, and it is running circles around almost every security stack we have built.
If you see this email, report it. If you are on shift right now, go push that detection rule. And for the love of god, stop laughing at people who almost clicked it.
Call to Action
If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.
D. Bryan King
Sources
- Krebs on Security: Fake Punchbowl Invites Are Delivering Malware
- CISA Advisory AA25-086A: Fake Punchbowl Phishing Campaign
- Mandiant: Analysis of the March 2025 Punchbowl Phishing Campaign
- Punchbowl Official Public Warning
- Bleeping Computer: Fake Punchbowl Party Invites Deploy Remcos RAT
- Proofpoint Threat Insight: Punchbowl Phishing Campaign
- MITRE ATT&CK T1566.001: Spearphishing Link
- Verizon DBIR 2025: Phishing Effectiveness
Disclaimer:
The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.
#attackVector #boardroomRisk #breachPrevention #CISAAlert #CISO #credentialTheft #cyberResilience #cyberattack #cybercrime #cybersecurityAwareness #defenseInDepth #desktopOnlyPhishing #detectionRule #DKIM #DMARC #emailFilterBypass #emailGateway #emailHygiene #emailSecurity #emailSecurityGateway #endpointProtection #incidentResponse #indicatorsOfCompromise #initialAccess #IoCs #lateralMovement #linkSafety #logAnalysis #maliciousLink #malware #MITREATTCK #mobileEmailRisk #phishingCampaign #phishingDetection #phishingScam #phishingSimulation #phishingStatistics #PunchbowlPhishing #ransomwarePrecursor #RemcosRAT #sandboxEvasion #securityAlert #SecurityAwarenessTraining #securityBestPractices #securityLeadership #securityMonitoring #securityOperationsCenter #securityStack #SOCAnalyst #socialEngineering #spearPhishing #SPF #suspiciousEmail #T1566001 #threatActor #threatHunting #threatIntelligence #userTraining #zeroTrust
-
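The detection rule and sender check from the Punchbowl post above, as an added example (not code from the original post or from Punchbowl). It goes beyond the post's exact-string rule: the rule string and the lure line quoted in the post differ in wording and punctuation, so matching runs on normalized body text. The sample messages, the `.example` domains, the `invites@` mailbox and all function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html import unescape

# Rule string exactly as given in the post.
EXACT_RULE = "for the best experience please view this on a desktop or laptop"
# Tolerant form (assumption): allow up to four filler words between "view" and "on",
# since the quoted lure says "view this invitation on".
LURE_RE = re.compile(
    r"for the best experience please view (?:\w+ ){0,4}on a desktop or laptop"
)
LEGIT_DOMAIN = "punchbowl.com"  # sender domain the post gives for real invites
ZERO_WIDTH = re.compile(r"[\u200b-\u200d\u2060\ufeff]")


def normalize(text):
    """Strip HTML tags, decode entities, drop punctuation, collapse whitespace."""
    text = re.sub(r"<[^>]+>", " ", text)
    text = ZERO_WIDTH.sub("", unescape(text))
    text = re.sub(r"[^\w\s]", " ", text.lower())
    return " ".join(text.split())


def body_text(msg):
    """Concatenate every text/* part of a parsed message."""
    return "\n".join(
        part.get_content()
        for part in msg.walk()
        if part.get_content_maintype() == "text"
    )


def naive_match(raw):
    """Plain substring search for the rule string, with no normalization."""
    msg = message_from_string(raw, policy=policy.default)
    return EXACT_RULE in body_text(msg).lower()


def triage(raw):
    """Return the lure match, the From domain and a verdict for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    lure = bool(LURE_RE.search(normalize(body_text(msg))))
    branded = "punchbowl" in (display + " " + str(msg.get("Subject", ""))).lower()
    if lure:
        verdict = "quarantine"   # device-instruction lure present
    elif branded and domain != LEGIT_DOMAIN:
        verdict = "review"       # claims to be Punchbowl, sent from elsewhere
    else:
        verdict = "pass"
    return {"lure": lure, "sender_domain": domain, "verdict": verdict}


def _mail(sender, subject, ctype, body):
    """Build a minimal RFC 5322 message for the constructed samples below."""
    return (f"From: {sender}\nSubject: {subject}\n"
            f"Content-Type: {ctype}; charset=utf-8\n\n{body}\n")


# Constructed sample messages (not captured traffic).
LURE_MAIL = _mail(
    "Punchbowl <invites@party-rsvp.example>", "You're invited!", "text/html",
    "<p>Sam invited you to a party.</p><p>For the best experience,&nbsp;please "
    "view <b>this invitation</b> on a desktop or laptop computer.</p>")
BRAND_ONLY = _mail(
    '"Punchbowl" <rsvp@pb-invites.example>', "Punchbowl: you have an invitation",
    "text/plain", "Open your invitation here.")
REAL_MAIL = _mail(
    "Punchbowl <invites@punchbowl.com>", "You're invited!",
    "text/plain", "Sam invited you to a birthday party.")

if __name__ == "__main__":
    for name, raw in [("lure", LURE_MAIL), ("brand-only", BRAND_ONLY), ("real", REAL_MAIL)]:
        print(name, "naive:", naive_match(raw), triage(raw))
```

The From header is sender-controlled unless SPF/DKIM/DMARC results are enforced upstream, so a `punchbowl.com` address here is a reason not to flag, not proof that the invite is real.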
- Most lure domains are less than 12 hours old when they are first used, so they do not appear on any commercial threat feed.
- This is not just targeting consumers. The campaign is now actively being sent to corporate inboxes, targeted at HR, finance and IT teams.
- Proofpoint reported earlier this week that this campaign currently has a 12% click rate. For context, the average phish has a click rate of 0.8%.
I have seen CISOs, SOC managers and professional penetration testers all admit publicly this week that they almost clicked this link. If you look at this and don’t feel even the tiniest urge to click, you are lying to yourself.
This is what good phishing looks like. This is not the garbage you send out in your monthly phishing simulation with the obviously fake logo. This is the stuff that actually works.
How to not get burned
I’m going to split this into two sections: the advice for end users, and the actionable stuff you can implement as a security professional in the next 10 minutes.
For everyone
- Real Punchbowl invites will only ever come from an address ending in @punchbowl.com. There are no exceptions. If it comes from anywhere else, delete it immediately.
- Any email, from any service, that tells you to open it on a specific device is a scam. Full stop. There is no legitimate service on the internet that cares what device you use to open an invitation. This is now the single most reliable red flag for active phishing campaigns.
- Do not go to Punchbowl’s website to “check if the invite is real”. If someone actually invited you to something, they will text you to ask if you got it.
For SOC Analysts and Security Teams
These are the steps you can go and implement right now before you finish reading this post:
- Add an email detection rule for the exact string "for the best experience please view this on a desktop or laptop". At time of writing this rule has a 0% false positive rate.
- Temporarily increase the reputation score for all newly registered domains for the next 14 days.
- Add this exact lure to your phishing simulation program immediately. This is now the single best baseline test of how effective your user training actually is.
- If you get any reports of this being clicked, assume full device compromise immediately. Do not waste time triaging. Isolate the host.
Closing Thought
The worst part about this scam is how predictable it is. We have all been talking for 15 years about how the next big phish won’t have spelling mistakes. We all said it will look perfect. It will be something you actually expect. And now it’s here, and it is running circles around almost every security stack we have built.
If you see this email, report it. If you are on shift right now, go push that detection rule. And for the love of god, stop laughing at people who almost clicked it.
Call to Action
If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.
D. Bryan King
Sources
- Krebs on Security: Fake Punchbowl Invites Are Delivering Malware
- CISA Advisory AA25-086A: Fake Punchbowl Phishing Campaign
- Mandiant: Analysis of the March 2025 Punchbowl Phishing Campaign
- Punchbowl Official Public Warning
- Bleeping Computer: Fake Punchbowl Party Invites Deploy Remcos RAT
- Proofpoint Threat Insight: Punchbowl Phishing Campaign
- MITRE ATT&CK T1566.001: Spearphishing Link
- Verizon DBIR 2025: Phishing Effectiveness
Disclaimer:
The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.
#attackVector #boardroomRisk #breachPrevention #CISAAlert #CISO #credentialTheft #cyberResilience #cyberattack #cybercrime #cybersecurityAwareness #defenseInDepth #desktopOnlyPhishing #detectionRule #DKIM #DMARC #emailFilterBypass #emailGateway #emailHygiene #emailSecurity #emailSecurityGateway #endpointProtection #incidentResponse #indicatorsOfCompromise #initialAccess #IoCs #lateralMovement #linkSafety #logAnalysis #maliciousLink #malware #MITREATTCK #mobileEmailRisk #phishingCampaign #phishingDetection #phishingScam #phishingSimulation #phishingStatistics #PunchbowlPhishing #ransomwarePrecursor #RemcosRAT #sandboxEvasion #securityAlert #SecurityAwarenessTraining #securityBestPractices #securityLeadership #securityMonitoring #securityOperationsCenter #securityStack #SOCAnalyst #socialEngineering #spearPhishing #SPF #suspiciousEmail #T1566001 #threatActor #threatHunting #threatIntelligence #userTraining #zeroTrust -
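An added example, not part of the original post: the "exact string" rule from the SOC list above, written so it still matches when the lure differs from the rule string the way the sentence quoted in the post does (a comma, the extra word "invitation", HTML markup), and paired with the @punchbowl.com sender check. The function names, verdict labels and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html import unescape

# Tolerant lure pattern: the word after "this" is optional, so both the sentence
# quoted from the email and the shorter rule string in the list above match.
LURE = re.compile(
    r"for the best experience please view this (?:\w+ )?on a desktop or laptop")
LEGIT_DOMAIN = "punchbowl.com"  # sender domain the post gives for real invites

def normalize(text):
    """Lowercase, drop punctuation, collapse whitespace runs to one space."""
    return re.sub(r"\s+", " ", re.sub(r"[^a-z0-9\s]", "", text.lower())).strip()

def body_text(msg):
    """Join every text/* part, replacing HTML tags and decoding entities."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text = part.get_content()
            if part.get_content_subtype() == "html":
                text = unescape(re.sub(r"<[^>]+>", " ", text))
            chunks.append(text)
    return " ".join(chunks)

def classify(raw):
    """Return 'quarantine', 'review' or 'deliver' (labels are assumptions)."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    off_domain = addr.lower().rpartition("@")[2] != LEGIT_DOMAIN
    if LURE.search(normalize(body_text(msg))):
        return "quarantine"   # device-instruction lure present
    if off_domain and "punchbowl" in name.lower():
        return "review"       # brand in display name, sender on another domain
    return "deliver"

# Constructed sample messages; the .example domains are placeholders.
LURE_MAIL = (
    "From: Punchbowl <invites@punchbowl-invites.example>\n"
    "Subject: You're invited!\nMIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    "<p>Sam invited you to a party.</p><p>For the best experience, please view "
    "this <b>invitation</b>&nbsp;on a desktop or laptop computer.</p>\n")
REAL_MAIL = ("From: Punchbowl <invites@punchbowl.com>\nSubject: Party\n\n"
             "Sam invited you. Open your invitation in any browser.\n")
SPOOF_MAIL = ("From: Punchbowl Invitations <hello@invites.example>\n"
              "Subject: Party\n\nSam invited you to a party.\n")
print([classify(m) for m in (LURE_MAIL, REAL_MAIL, SPOOF_MAIL)])
```

The From header is sender-controlled, so the domain comparison only means something for mail that has already passed SPF/DKIM/DMARC evaluation at the gateway.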
Please update your Firefox to 150.0.3.
Details why: https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/
Step-by-step instructions:
* open your Firefox application
* choose/click menu "Firefox"
* choose/click menu item "About Firefox"
If it says:
✓ Firefox is up to date
then you’re all set.
If there is a button that says:
( Check for updates )
then click that.
Or you may see it automatically download an update and see:
* Downloading update — nn.n of nnn MB
* Applying update…
If you see a button that says:
( ↻ Restart to Update Firefox )
then click that!
Aside: #pwn2own is TOMORROW and they hit capacity for the first time in their 19-year history.
https://hackread.com/pwn2own-berlin-2026-hits-capacity-hackers-0-days/
Today’s a good day to get/install OS and browser updates on all your critical devices.
Consider turning off wifi on non-critical devices (putting to sleep is no longer enough because many devices still listen to or contact the internet while asleep) until you have had a chance to safely update their software (perhaps after software updates are available in response to pwn2own demos and disclosures).
#Mozilla #Firefox #browser #cyberSecurity #cyber #security -
Restored and colorized an old photo taken in Aden, Yemen in the 1950s by my uncle who was on his way to Malaysia (where he worked for a while). The annotation on the back of the photo says the ship is the Kenya, registered in London.
-
Trump savings accounts a ‘back door for privatizing Social Security,’ Bessent says
https://www.washingtonpost.com/business/2025/07/30/trump-accounts-social-security-bessent/
#SaveSocialSecurity #NoPrivatization #TaxTheRich #NoBillionaires #WealthTax #VoteProgressive #StopNeoliberalism #WorkingClassNotDonorClass #SecondBillOfRights #FDRDemocrats
-
[23:55] No pressure to step down after election, says McDonald
Mary Lou McDonald has said there was no pressure from inside Sinn Féin for her to step down as party leader in the aftermath of the general election last year.
https://www.rte.ie/news/politics/2025/0425/1509546-mary-lou-late-late/
#MaryLouMcDonald #SinnFéin #lastyear