Kuse Web App Abused to Host Phishing Document
Essential information
- Published: 29/04/2026 21:42
- Modified: 30/04/2026 07:47
- Source / Author: AlienVault
- Confidence: 100/100
- Report type(s): threat-report
- Labels / Tags: ai platform abuse, credential harvesting, fake login page, markdown file, phishing, social engineering, supply chain, vendor email compromise
- Tags: 2026-04-29, ai platform abuse, credential harvesting, fake login page, markdown file, phishing, social engineering, supply-chain, vendor email compromise
- Related entities: 4 indicators, 4 observables, 1 others
Description
Bad actors exploited Kuse, a legitimate AI-based workplace application, to conduct a phishing campaign. Attackers leveraged a Vendor Email Compromise (VEC) to send malicious emails from a trusted vendor's compromised mailbox, establishing initial trust. The attack utilized Kuse's file-sharing features to host a fake blurred document with a Markdown file extension (.md) under the legitimate domain app[.]kuse[.]ai. Victims were presented with a fabricated document preview containing Spanish text prompting them to click a link. This redirected users to a fraudulent Microsoft login page designed to harvest credentials. The attack combined multiple social engineering techniques including domain trust exploitation, unusual file extensions to evade detection, and vendor relationship abuse to bypass security controls and user scrutiny.