Avanan's research into an exploit flaw in the Google Docs' comments feature was highlighted in KnowBe4. The exploit allows hackers to easily send malicious links via the comment feature. As they write:

It’s quite brilliant, really. The attack is hosted on a Google domain (instant credibility), the victim is tagged using the @ and the user’s email address, the email is sent from Google (again, credibility), it looks like a business-related email (given the email is basically about the victim being tagged in a comment on a Google doc), the attacker’s email is not provided (only a “name”, which can be used to impersonate someone the victim knows) and it appears security solutions aren’t finding this malicious in nature.

 

Read the rest of the article at KnowBe4.