Attackers Deploy AiTM Phishing Pages to Access SharePoint, HubSpot, and Google Workspace

📅 2 May 2026 at 06:36 UTC📰 Cyber Security NewsView original source ↗

Threat actors are rapidly shifting their intrusion tradecraft toward high-speed, SaaS-centric attacks that completely bypass traditional endpoint security. Since October 2025, security researchers have tracked two distinct adversaries, identified as CORDIAL SPIDER and SNARKY SPIDER, conducting aggressive data theft campaigns. These groups operate almost exclusively within trusted SaaS environments such as SharePoint, HubSpot, and Google […] The post Attackers Deploy AiTM Phishing Pages to Access SharePoint, HubSpot, and Google Workspace appeared first on Cyber Security News.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

Threat actors CORDIAL SPIDER and SNARKY SPIDER have been using AI-powered phishing pages to bypass traditional endpoint security in SaaS environments, targeting SharePoint, HubSpot, and Google Workspace since October 2025.

⚙️Technical Details

Affected Systems

SharePointHubSpotGoogle WorkspaceAttack Vectors: AI-powered phishing pages

Attack Vectors

AI-powered phishing pages

💥Impact Assessment

Severity: critical

Who Is at Risk

Users of SharePoint, HubSpot, and Google Workspace

🛡️Recommended Actions

1Implement AI-powered phishing detection tools

2Require users to verify login credentials manually for SaaS applications

3Monitor user activity for suspicious behavior

📦Affected Products

SharePointHubSpotGoogle Workspace

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News ↗

← Back to feed