Particle Data Platform
CyberWire Daily

A QRazy clever scam. [Research Saturday]

4/25/202619 min

This week, we are joined by Juliana Testa, Senior Security Engineer from 7AI, sharing their work on "Quish Splash - When the QR Code Is the Weapon: A Multi-Wave Phishing Campaign That Slipped Past Every Filter." A large-scale “quishing” campaign used QR codes embedded in image attachments to hide phishing URLs, allowing 28 out of 33 emails to bypass SPF, DKIM, DMARC, and Microsoft Defender and land directly in inboxes. Each recipient received a unique QR code and tracking ID, defeating traditional detection methods and enabling attackers to scale the campaign to over 1.6 million emails across multiple organizations while shifting execution to less-secure mobile devices. The attack was ultimately uncovered through AI-driven alerting combined with human analysis and threat hunting, highlighting a major blind spot in email security and the need for QR code inspection, mobile protections, and tighter auto-reply controls. The research and executive brief can be found here: Quish Splash - When the QR Code Is the Weapon: A Multi-Wave Phishing Campaign That Slipped Past Every Filter. Learn more about your ad choices. Visit megaphone.fm/adchoices

Clips

How It Beat Every Filter
One-Point-Six Million Clue
Managers First, Staff Next
Why QR Codes Slip By
Auto-Replies As Reconnaissance
Defender Playbook For Quishing
Quishing Explained Clearly

Transcript preview

First 90 seconds

  1. Juliana Testa· Guest0:00

    [intro music] You're listening to the Cyberwire Network, powered by N2K.

  2. Dave Bittner· Host0:05

    [upbeat music] Quick question. Have you watched Project Hail Mary yet? Humanity is facing an existential threat and racing to solve it with the clock ticking. For security teams, that probably hits close to home with AI use rapidly spreading. Everyone's using AI, marketing, sales, engineering, Chris the intern, without security even knowing about it. That's where Nudge Security comes in. Nudge finds shadow AI apps, integrations, and agents on day one and helps you enforce policy without blocking productivity. Try it free at nudgesecurity.com/cyberwire [upbeat music] Hello, everyone, and welcome to the Cyberwire's Research Saturday. I'm Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down the threats and vulnerabilities, solving some of the hard problems, and protecting ourselves in our rapidly evolving cyberspace. Thanks for joining us.

  3. Juliana Testa· Guest1:18

    [upbeat music] But there is something kinda weird about it. There is a l... It was a really large EML file, um, the attachment

We value your privacy

We use cookies to understand how you use our platform and to improve your experience. Click "Accept All" to consent, or "Decline non-essential" to opt out of non-essential cookies. Read our Privacy Policy.