Threat actors are leveraging Vendor Email Compromise (VEC) to distribute phishing links hosted on the legitimate AI platform Kuse.ai. By utilizing Markdown (.md) files containing blurred document lures, attackers successfully bypass traditional email filtering to redirect victims to credential harvesting pages masquerading as Microsoft logins.