One of my 2025 cybersecurity predictions is that we will see more victimization through the use of products and services which don’t have a technical vulnerability, but rather design features which can be misused by attackers. In the right hands, poor designs can be as dangerous as vulnerable code.
Two examples are Microsoft’s Recall, which inadvertently captures login credentials that attackers can access by undermining its weak controls, and Docusign’s service, which allows phishing to originate from their trusted domain, bypassing many email filters.
https://www.theregister.com/2024/12/19/docusign_lure_azure_account_takeover