Attackers are targeting the DocuSign APIs to generate large amounts of fake invoices, which often skirt automated security and land in inboxes as they originate from "docusign.net" and appear to be coming from legitimate companies.
A hacker on a Russian-speaking forum is selling hundreds of business executives' email and password combinations for Office 365 and Microsoft accounts for use in BEC scams.