As digital transformation accelerates and apps become more complex, it’s no longer optional to safeguard your .NET apps; it’s a necessity. Organizations that utilize .NET should remain alert. Although .NET remains an effective and secure platform for developing enterprise applications, neglecting its risks may prove to be an expensive lesson. 

The threat actors are focusing on the attack vectors to target .NET-based applications with advanced techniques. These are not isolated cases anymore, but rather a component of a larger and more diverse threat environment. As long as you are not already cooperating with security-oriented .NET development services, it is time to reconsider your approach. 

In this blog, we will see the major security threats that will affect .NET development and how you can protect your applications by making the appropriate architectural process and hiring decisions. 

Why Security in .NET is More Important than Before

To protect API threats, .NET teams must adopt: 

• OAuth 2.0/OpenID Connect for token-based authentication 
• Input validation and JSON schema enforcement 
• Access control is based on roles and attributes (RBAC/ABAC). 
• API gateways with throttling, logging, and monitoring (such as Azure API Management) 

When you hire .NET developers who specialize in secure API architecture, you ensure that your endpoints are protected against the most common entry points for attackers. 

2. Dependency Exploits in NuGet Packages

The Threat: 

Open-source dependencies are commonly utilized in .NET programming. However, hacked or outdated NuGet packages may introduce vulnerabilities, malware, or licensing issues into your application. 

Supply chain attacks are projected to be one of the most dangerous threats to all software ecosystems, including .NET. 

The Defense:  

Security-conscious developers should: 

• Use only trusted, validated packages from reputable publishers. 
• Scan dependencies regularly using tools such as Snyk, WhiteSource, or OWASP Dependency Check. 
• Enable GitHub’s Dependabot for automated updates. 
• Conduct code audits for essential libraries. 

Businesses can reduce their exposure to hidden vulnerabilities and malicious code injections by using dedicated .NET developers who follow safe package management procedures. 

3. Poor Authentication and Authorisation Flaws 

The Threat: 

Misconfigured or poorly handled identification systems remain a significant vulnerability in all applications. Attackers exploit weak login methods, insecure token storage, and ineffective access controls. 

In .NET applications, these issues frequently result in unauthorised data access, account takeovers, or privilege escalation. 

The Defense:  

Strong identity and access control are necessary. Secure.Net apps will include: 

• Azure Active Directory enables enterprise-grade identification. 
• Multi-factor authentication (MFA) 
• JWT token validation, including expiration and refresh tokens 
• Secure cookie management using the HTTPS, SameSite, and HttpOnly settings. 
• Defaults to least privilege access. 

Working with professional .NET services guarantees that identity is correctly integrated and managed using Microsoft’s best practices and security libraries. 

4. Insecure Configuration and Secret Exposure 

The Threat: 

Attackers frequently exploit simple flaws such as hardcoded credentials, unprotected configuration files, and misconfigured cloud resources. Secret sprawl is a significant worry, particularly in containerised or serverless .NET applications. 

The Defense:  

Proper secret management involves: 

• Storing secrets in Azure Key Vault 
• Setting up environment variables alongside secured appsettings.json files 
• Role-based access control for configuration settings 
• Service-to-service secure interaction with encrypted channels 
• Scanning for secrets during CI/CD pipeline execution 

With in-cloud deployment and scaling at speed, make sure you are onboard .NET developers who specialize in security at the level of deployment and environment isolation. 

5. Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)

The Threat: 

Modern web applications, including those built with ASP.NET Core, remain vulnerable to XSS and CSRF attacks. These malicious incursions have both historical roots and relentless contemporary presence. These attacks involve injecting malicious scripts into secure sites or deceiving users into executing actions they would otherwise not take. 

The Defense: 

Some of the mitigation strategies include: 

• Input sanitization and output encoding 
• Using built-in Razor helpers that auto-encode output 
• Implementing anti-CSRF tokens (ASP.NET Core has this by default) 
• Content Security Policies (CSP) to block unauthorized scripts 

A dedicated team of .NET developers can safeguard your front and backend against session and user-targeting scripted attacks. 

6. Insufficient Monitoring and Logging

The Threat: 

To respond to an attack, they must be detected first. Breaches that lack visibility due to insufficient logging and monitoring can remain undetected for weeks or months. 

Attackers will become increasingly stealthy, targeting low-visibility endpoints, edge APIs, and overlooked services. 

The Defense: 

• Implement central logging and SIEM systems: 
• Integrate with Azure Monitor, Application Insights, and Sentinel. 
• Structured logs should be employed with interesting metadata, such as IP addresses, user IDs, and request paths. 
• Look for unusual login patterns or resource usage. 
• Set alerts for suspicious behavior. 

Organizations that opt dedicated .NET developers with DevSecOps experience can integrate observability into their development lifecycle, thereby enhancing security and reducing incident response times. 

7. Injection Attacks: The Continuing Threat

The Threat: 

SQL Injection, XML Injection, and Command Injection continue to prevail, mainly due to legacy and intentionally flawed applications. Even with ORMs like Entity Framework, constructing insecure queries exposes your database. 

The Defense: 

Developers should: 

• Use parameterized queries and LINQ to SQL 
• Validate and sanitize user input 
• Never use dynamic SQL 
• Use database user accounts with the least potential privileges. 

By collaborating with .NET developers who are well-versed in secure database interactions, organizations reduce their risk of data loss or unauthorized access. 

8. Cloud Misconfigurations in Azure Deployments 

The Threat: 

As more .NET applications move to Azure, cloud misconfiguration is emerging as a major threat.  

From open ports to over-permissive roles, these gaps provide easy entry for attackers. 

The Defense: 

• An effective cloud posture involves: 
• Regular audit with Azure Security Center 
• Appropriate RBAC with Azure IAM 
• Encryption of all data in rest and transit 
• Isolation of networks using VNETs and firewalls 
• Least privilege for all cloud resources 

Being Azure-certified, security-aware .NET developers ensures applications and infrastructures are resilient to cloud-native threats. 

9. Lack of Compliance-Ready Architecture

The Threat: 

GDPR, HIPAA, and such worldwide privacy regulations keep on changing. Soon, non-compliance will result in loss of user trust, data breaches, and legal consequences, in addition to fines.  

The Defense: 

• Compliance-ready .NET systems stipulate: 
• Encryption for personal and health data 
• Consent management workflows 
• Data minimization and retention control 
• Complete audit trails and activity logs 
• Right to access and delete mechanisms 

Choosing dedicated .NET developers with experience in regulated industries would enable your architecture to keep pace with modern compliance standards. 

10. Insider Threats and Role Mismanagement 

The Threat: 

Not all threats are from outside. Insider threats, which can be malevolent or accidental, are of increasing concern. From shared admin accounts to over-permissioned users, the weakest link might be with one of your team members. 

The Defense: 

Some good controls to put in place include: 

• Identity governance with Azure AD 
• Regularly conduct access reviews and audits. 
• Least privilege at all layers 
• Separation of duties (e.g., dev vs prod environments) 
• Role-based dashboards and permission checks in your UI 

Expert .NET development services include modules for role management, admin control panels, and access logs to somewhat counteract such insider risks. 

Final Thoughts: Build Secure, Build Smart with .NET 

The .NET ecosystem provides almost limitless flexibility, performance, and integration capabilities, but security is never automatic. With the ever-growing sophistication of cyberattacks, the way .NET applications are architected and built must now change. 

API, cloud, DevSecOps, and compliance perspectives combine a healthy mix of tools, best practices, and developers to defend .NET implementations. 

By choosing dedicated .NET developers who work as an extension of your team, you can confidently build products that are not only scalable and fast but also secure by design. 

Preschool teachers use generative artificial intelligence the least out of educators in grades pre-K-12, but they are starting to use it more despite lack of guidance, according to a new report.

According to research from nonprofit think tank RAND, 29 percent of preschool teachers use generative artificial intelligence in the classroom, though 20 percent of those teachers use it less than once a week. Comparatively, 69 percent of high school teachers use generative AI, with 64 percent of middle school teachers and 42 percent of elementary school teachers using the technology.

“To me it raises the question of how AI use is going to evolve in pre-K,” Jordy Berne, an associate economist at RAND and co-lead on this study, said during a press briefing. “Are we going to learn more about developmental impacts that will prevent it from becoming more common? Or will we find ways to use it really productively, and it’ll be a great boost to teachers and pre-K students?”

A significant factor is a worry that for the youngest students, technology, particularly personal devices like iPads, could detract from their developing communication and social skills.

“One of the key concerns is developmentally appropriateness,” Berne says. “Teachers expressed concerns about children having too much screen time, which can detract from human interaction they deem necessary for social skills.”

Plugged In

But pre-K teachers are plenty plugged in.

In addition to asking about AI, the RAND research, called “the spring 2025 American Public School Pre-K Teacher Survey,” also asked pre-K teachers about their use of instructional, curricular and administrative edtech products and services. The survey polled roughly 2,000 pre-K teachers working in public schools.

Almost all of those surveyed — 98 percent — use online video or audio with their students, with 92 percent using it daily or weekly. Many teachers reported using videos or music for their students to give breaks for the students in between lessons and dance time.

Interactive whiteboards were among the top edtech tools used with students, at 77 percent. The teachers reported using them because they are visually stimulating and tactile, while researchers estimate use is high because teachers are familiar with the tools, since they have been around for more than a decade. The researchers added in their report that the whiteboards are typically used in large-group settings, helping with socialization, versus games on devices that are individual-focused.

Electronic device-enabled games were also used among more than half (64 percent) of pre-K classrooms, while 37 percent reported using digital educational programs. While that had the lowest usage among teachers, the report said those using educational programs found them very helpful, particularly with students learning English as a second language and children with disabilities.

Ways Pre-K Teachers Use Edtech in the Classroom

And for administrative edtech products, the majority of teachers surveyed — 82 percent — use platforms for family communication, with 75 percent using these tools daily or at least weekly. Most teachers (84 percent) agreed edtech could be particularly helpful in communicating with families.

Roughly the same amount (83 percent) used online and digital curriculum resources, though less than half (48 percent) used them daily or weekly. Over half also used assessment platforms and learning management systems (60 percent and 56 percent, respectively).

A majority say it could be helpful for bringing the “outside world” to their students, such as going on virtual field trips. There was also an optimism in sharing resources with other teachers through digital platforms, to stop them from “reinventing the wheel,” according to one teacher.

Ways Pre-K Teachers Think Edtech Is Helpful

One of the largest concerns from the RAND researchers was the “critical gap” between familiarity with educational technology products and how to actually assess those products. While 7 out of 10 preschool teachers reported receiving professional training about using edtech, less than 4 in 10 received professional training on assessing the quality of edtech products.

Share of Pre-K Teachers Who Received Edtech Training

“Especially as AI is evolving and the entire edtech landscape is evolving, it’s making it harder for teachers to know what is high and low quality,” Berne says. “So this is probably more important than ever.”

For years, I was buying compressed air cans on the regular to blast out all of that stubborn and performance-draining dust from the inside of my gaming PC. It’s certainly a satisfying exercise in ensuring efficiency, but repeatedly buying and carefully disposing of those cans never felt like the best way to do things. But this cheeky $40/£35 purchase means I don’t have to worry about that anymore.

I recently picked up the Wolfbox MF50 Electric Air Duster while it’s on sale at Amazon, and while it’s not the most glamorous purchase, it has massively helped clear out dust from my PC without relying on compressed air cans.

Buy the Wolfbox MF50 at Amazon

IT Search’s Graeme King discusses the semiconductor landscape and the importance of addressing challenges creatively.

Globally, the semiconductor sector has taken on a life of its own, with research from a Visual Capitalist report indicating that in 2025, the sector’s market cap surpassed the $12trn mark. 

This perhaps comes as no surprise as we are living in a world in which we use semiconductor chips for a vast array of products, for example our mobile phones, computers and even our cars and homes which house smart systems for added functionality. 

“Semiconductors are everywhere right now, in AI, cloud and EVs, so demand is strong”, said Graeme King, a principal consultant at Irish recruitment agency IT Search – which is a member of the Vertical Markets Group.

“Ireland punches above its weight with over 130 companies and around 20,000 jobs across design, R&D, manufacturing and test. The main hubs are Dublin and Cork, where global players sit alongside local specialists. There’s also a growing number of start-ups in areas like advanced packaging, photonics and quantum hardware.”

All of this, he explained, is bolstered by Ireland’s commitment to the 2025 Silicon Island Strategy, which aims to supercharge the country’s semiconductor industry via skills development, boosting R&D, the development of the domestic semiconductor ecosystem and attracting foreign investment. 

He said, “Essentially, it’s about making Ireland a serious design and innovation hub, not just a test and manufacturing location.” 

IT Search principal consultant Graeme King. Image: IT Search

Advertisement

Supply and demand

With the growth of Ireland’s semiconductor sector in mind, King noted the boom is generating opportunities for professionals, particularly for those with advanced or niche skills. 

“It’s concentrated at the top end. The people most in demand are very experienced RTL design and verification engineers. That level of experience is hard to come by in Ireland and there’s relatively low movement between companies, so once people are embedded in a role, they tend to stay put. That creates a real squeeze for companies trying to scale or replace senior engineers. Even when roles do open up, the pool of people who can genuinely hit the ground running is small, which is why searches can take a long time.”

There is however, more flexibility for those looking to take on a role in embedded software, which is also in high demand. King explained, embedded engineers find it easier to move across from adjacent industries like automotive, industrial, or consumer electronics, to be trained on the semiconductor side. 

“That’s much harder with core RTL or verification roles, where experience has to be there already. Overall, demand is strong, but selective. It’s less about volume hiring and more about finding the right individuals with very specific backgrounds.”

Whilst this may be a positive for highly skilled professionals looking to advance their semiconductor careers in Ireland, it can create problems for employers, noted King, who further elaborated on the growing talent scarcity. 

He said, “People with the right experience in highly specialised areas are limited, and there is not much movement between companies in Ireland, so the pool is small. Global competition adds another layer. 

“Candidates often have options in the US, Germany, Switzerland, and other European tech hubs, where salaries are higher and relocation packages more attractive. That makes it tough for Irish companies to compete purely on pay.” 

As a result, hiring processes can be long and technical, causing an interested candidate to bow out before an organisation has the opportunity to make an offer. Or there may be an obvious skills mismatch, where candidates have transferable skills that could be effective with more flexible training and onboarding, but aren’t currently conducive with the need for niche skill. 

Creative challenges 

But, where there is a will, there is a way and King finds that companies are becoming more creative in how they address challenges, for example the issues he has identified in talent recruitment. 

He said, “The big trend, both in Ireland and globally, is targeted hiring over broad volume recruitment. Companies are focusing on very specific, high-priority skills, so searches tend to be specialised and deliberate. Organisations are also getting creative with how they find talent. 

“They are bringing people in from adjacent sectors like automotive, industrial IoT, or photonics, partnering with universities and training programmes, and investing in upskilling. 

“They are open to candidates who can be shaped into the role rather than just ticking every box. That helps expand the pool in a competitive market. Hiring can still be uneven, with some companies moving quickly and others prioritising retention and selective growth.”

For those looking to create their own opportunities King stated that there are a surprisingly high variety of pathways to go down. At the technical level there are the classical roles already mentioned and beyond that “a lot of room to specialise or pivot”.

He said, “Some engineers move into applications or field engineering, helping customers implement chips and systems, while others take a path into project or engineering management, leading small teams or entire programmes.

“There are also opportunities in technical sales, pre-sales, and solution consulting, where deep engineering knowledge can be a real differentiator.”

In Ireland specifically, smaller teams and start-ups can enable people with strong soft skills to combine their technical and leadership responsibilities, allowing for greater exposure and access to the fast track, when looking at senior level roles, across multiple areas of an organisation. 

“It’s an industry where the right mix of experience and versatility can open doors that aren’t immediately obvious from the job title.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

vivo’s V-series has always been a favorite among Indian smartphone enthusiasts, thanks in big part to the cameras and the surrounding experience. A few months back, we reviewed the V60 and loved it. Now, the Chinese smartphone maker is gearing up to introduce the V60 successor: the V70 series. But there’s a slight twist. For the very first time, a V-series phone will have an Elite model, which’ll bump performance to flagship-tier levels. Here is everything we know about the vivo V70 and vivo V70 Elite, including launch dates, prices, and specifications.

Design and Display

Both phones in the vivo V70 series feature a clean and modern design, highlighted by a square-shaped rear camera module that houses a triple-camera setup. The power and volume buttons are positioned on the right edge of the frame.

On the front, the vivo V70 and V70 Elite are expected to feature a 6.59-inch OLED display with a 1.5K resolution and a 120Hz refresh rate. vivo is reportedly offering ultra-thin 1.25mm bezels and a peak brightness of up to 5,000 nits. Both devices are also said to carry IP68 and IP69 ratings for dust and water resistance.

Performance and Battery

The vivo V70 series offers different performance options for different users. The vivo V70 is expected to feature the Snapdragon 7 Gen 4 processor. In comparison, the vivo V70 Elite will use the more powerful Snapdragon 8s Gen 3 chipset.

At least one Elite variant may include 8GB LPDDR5X RAM and 256GB UFS 4.1 storage. Both models are expected to ship with Android 16-based OriginOS 6. vivo is likely to support four Android updates and six years of security patches.

vivo has confirmed that both the vivo V70 and V70 Elite will pack a 6,500mAh battery. The devices are expected to support 90W wired fast charging, along with bypass charging to help reduce heat during gaming or extended usage.

Additional features tipped for the series include an ultrasonic fingerprint sensor and a linear vibration motor for improved haptic feedback.

Camera Features

Cameras remain a key focus for the vivo V70 series, with Zeiss-powered optics once again taking centre stage. The rear camera system is expected to include a 50MP Sony IMX882 primary sensor with optical image stabilisation, accompanied by a 50MP telephoto lens and an ultra-wide camera.

On the front, both models are likely to feature a 50MP selfie camera. The phones are expected to support 4K video recording at up to 60fps, along with 4K HDR video capture for improved video quality.

Price and Availability in India

vivo has confirmed the launch of the V70 series in India on February 19. The launch timing matches vivo’s Holi-themed camera features. Flipkart will handle online sales once availability begins. The vivo V70 will likely launch around Rs. 40,000 and come in Passion Red and Lemon Yellow. Moreover, vivo may price the vivo V70 Elite around Rs. 50,000 and will offer Passion Red, Sand Beige, and Authentic Black colours.

Since its introduction in 2022, Bowers & Wilkins 700 Series 3 has been a reliable anchor in the company’s loudspeaker lineup, combining proven engineering, solid build quality, and sound that largely delivers on expectations. We’ve already validated that performance with the 703 S3, which earned an Editors’ Choice Award in our Best Floorstanding Loudspeaker category. Now Bowers & Wilkins is expanding the range with the 707 Prestige Edition, a bookshelf/standmount model that is unapologetically about cosmetics rather than acoustic reinvention.

Based directly on the existing 707 S3, the Prestige Edition adds a Santos Gloss finish inspired by the 805 D3 Prestige Edition from 2018, built up using twelve layers of paint and lacquer, along with a unique rear logo plate to clearly differentiate it from the standard model. Pricing is set at €1,750 / £1,550, and it’s now been confirmed that this model will not be sold in the U.S., with availability limited to EU and APAC markets. Buyers should be clear-eyed about what’s new here: this is fundamentally the same speaker, dressed better, and priced accordingly. As for why the U.S. is excluded—tariffs, regional demand, or distribution strategy are all plausible explanations, but at this point, no official reason has been provided.

The 707 Prestige Edition sticks closely to the acoustic foundation of the standard 707 S3, retaining the same Carbon Dome tweeter, Continuum cone mid bass driver, and curved baffle design. This is not a wholesale rethink of the speaker’s voicing or architecture. Where Bowers and Wilkins has made changes is around refinement rather than reinvention.

The Prestige Edition introduces a newly optimized high frequency tweeter grille mesh and upgraded low loss speaker terminals borrowed directly from the award winning 705 S3 Signature. According to Bowers & Wilkins, these updates are intended to deliver a more open and spacious presentation than the standard model, but the core character remains intact. Think incremental polish, not a different speaker hiding in a nicer jacket.

Specifications

• Speaker Configuration: 2-way vented-box system (Bass Reflex)
• Tweeter: 1 x 25mm (1-inch) Decoupled Carbon Dome
• Mid-Bass: 1 x 130mm (5-inch) Continuum cone
• Frequency Range: 45Hz – 33kHz
• Frequency Response  (+/-3dB from reference axis): 50Hz – 28kHz
• Sensitivity (on axis at 2.83Vrms at 1m): 84 dB
• Nominal Impedance: 8Ω (minimum 4.0Ω)
• Recommended Amplifier Power: 30W – 100W into 8Ω
• Dimensions: 300 x 165 x 284 (11.8 x 6.5 x 11.2 inches) including grille and terminals
• Net Weight: 6.2 kg (13.6 lbs)

The Bottom Line 

Based on what Bowers & Wilkins is saying, the 707 Prestige Edition introduces a handful of design tweaks that may support a slightly more open presentation, but on paper it is the same speaker as the 707 S3. The specifications are unchanged, the drivers are unchanged, and the core performance profile remains intact. If you already own the 707 S3, there is no practical reason to “upgrade” unless the Santos Gloss finish and cosmetic detailing matter more to you than measurable gains.

This model is clearly aimed at buyers coming in fresh to the 700 Series who want the best looking version of the smallest speaker in the lineup, not existing owners chasing a meaningful performance jump. And for now, it’s a moot point for U.S. readers—the 707 Prestige Edition will not be coming to the U.S. at all, with availability confirmed for EU and APAC markets only. That takes the question of an American retail verdict off the table entirely, leaving this as a region-specific update rather than a product U.S. buyers can realistically expect to see in domestic showrooms.

Price & Availability

The 707 Prestige Edition is available from selected retailers for €1750 | £1550

FS-700 S3 floorstands in black or silver finishes are also available, should buyers prefer to standmounting to shelf placement.

Related Reading:

Getting a phone serviced can be a headache, as nobody likes to stand in long queues. To help with this exact situation, OPPO has announced Service Center 3.0 Pro. It’s the next-generation after-sales service format aimed at improving the overall ownership experience for customers. The company says 29 Service Center 3.0 Pro locations are already operational, with plans to open 110 new centres across India in 2026.

So, what is it? According to OPPO, the upgraded service centres are designed to go beyond standard repair support by offering faster service, greater transparency, and a more comfortable in-store experience. The new format introduces digital check-in, real-time queue updates, and dynamic digital signage to reduce waiting times and keep customers informed throughout their visit. OPPO has also added face-to-face repair and servicing, enabling users to interact directly with technicians for greater clarity and trust.

Redesigned Interiors

The new centers feature a refreshed visual identity, clearly defined service zones, and improved seating areas. OPPO says the redesigned layout helps customers navigate the space more easily while allowing staff to work more efficiently. The centres also include dedicated product experience zones where users can try out devices, as well as gaming areas designed to make waiting periods more comfortable.

Goldee Patnaik, Head of Communications at OPPO India, said, “These next-generation centers are built for modern-day users who value efficiency, clarity, and a consistent premium experience across touchpoints. As we scale this upgraded format across the country, our focus remains the same—every improvement starts with what our customers tell us.”

If you own a Find or Reno series phone, OPPO offers priority service through Premium Queue registration. The privileges include a six-hour email response time, a two-hour social media response time, and high call and chat response rates.

A fresh wave of spam is hitting inboxes worldwide, with users reporting that they are once again being bombarded by automated emails generated through companies’ unsecured Zendesk support systems.

Some recipients say they are receiving hundreds of messages with strange or alarming subject lines.

Users flooded with bogus ‘Activate account’ emails

Since yesterday, numerous social media users say they have begun receiving large bursts of emails with subject lines such as “Activate your account” and similar support-style notifications appearing to originate from different companies.

Recipients say the messages arrive in rapid succession and look like legitimate automated replies from customer support portals, despite never signing up or submitting a ticket.

“Anyone else getting a slew of failed account & support sign-up emails?” posted security researcher Jonathan Leitschuh on LinkedIn.

“Someone is DDoSing Zendesk support ticketing systems and other account creation processes across the internet with my email right now. Anyone know what the attacker is hoping to achieve here?”

Several users took to social media [1, 2, 3] to report their inboxes overflowing with similar messages:

Similar to the previous incident, the emails appear to be sent from real companies’ Zendesk instances, allowing them to bypass spam filters and land directly in inboxes.

The activity strongly suggests attackers are once again abusing Zendesk ticket submission forms to trigger confirmation emails to large lists of addresses.

What happened in January

In January, a massive global spam wave was traced to attackers abusing Zendesk’s ability to let unverified users submit support tickets.

Each ticket automatically generates a confirmation email to the email address entered, enabling threat actors to turn exposed support portals into large-scale spam relays.

The earlier campaign began around January 18 and affected several companies, with some recipients receiving hundreds of messages with bizarre or alarming subject lines.

Multiple companies had confirmed they were affected by the spam wave, including Dropbox and 2K, who responded to tickets to tell recipients not be concerned and to ignore the emails.

Zendesk had earlier told BleepingComputer that it had introduced new safety features on their end to detect and stop this type of spam in the future.

“We’ve introduced new safety features to address relay spam, including enhanced monitoring and limits designed to detect unusual activity and stop it more quickly,” Zendesk said at the time.

“We want to assure everyone that we are actively taking steps – and continuously improving – to protect our platform and users.”

In a December 2025 advisory, Zendesk had also warned customers about this type of abuse, explaining that attackers were sending what it called “relay spam” by abusing Zendesk instances.

The company said earlier that organizations could prevent this type of abuse by restricting ticket creation to only verified users and removing placeholders that allow any email addresses or ticket subject to be used.

The renewed activity suggests attackers may still be able to abuse exposed Zendesk ticket portals despite the safeguards introduced earlier this year.

BleepingComputer has contacted Zendesk for comment and will update this story if we receive a response.

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.

Get the guide