A new phishing campaign targets employees in financial services using links that download a 'weaponized' Excel document. The phishing campaign, dubbed MirrorBlast, was detected by security firm ET Labs in early September. The Excel files could bypass malware-detection systems because they contain "extremely lightweight" embedded macros, making them "particularly dangerous" for organizations dependent on detection-based security and sandboxing.