Changelog
Release notes, feature updates, detection improvements, and security patches.
v2.0.0
Feature
Enterprise Phishing Simulation Engine
- Complete phishing simulation for enterprise orgs: create campaigns, pick templates, add recipients, test and launch
- 5 built-in templates (BEC wire transfer, password expiry, FedEx delivery, vendor invoice, M365 security alert) with difficulty ratings
- Custom template creator with HTML editor and personalization ({{FIRST_NAME}}, {{COMPANY_NAME}}, {{EMAIL}})
- Click and open tracking per recipient with unique tracking tokens and 1x1 pixel
- Campaign dashboard with real-time stats: sent, opened, clicked percentages
- CSV export of clicked users for cybersecurity training assignment
- Educational 'You Got Phished' landing page for employees who click simulation links
- Sends via M365 Graph API (through org's own tenant) or Resend fallback
v1.9.0
Fix
Rule Engine Overhaul -- 9 Critical Fixes
- Brand ccTLD recognition: amazon.in, google.co.in, spotify.de etc. now auto-recognized as legitimate (generic ccTLD fallback)
- Link text mismatch: compares parent domains not full hostnames; CDN vs tracking subdomains no longer flagged; deduplicates findings
- Word-boundary matching for short phrases ('irs', 'fbi', 'cra') -- 'first' and 'birthday' no longer trigger false positives
- Trust discount applied to all newsletter-normal patterns (base64, hidden content, formatting, unicode confusables)
- Diminishing returns scoring: rule engine no longer saturates to 100% from 3-4 modest hits
- Duplicate findings collapsed with count suffix (e.g., '36x' instead of 36 identical lines)
- Frontend fetch timeout (90s AbortController) with actual error messages instead of generic 'Network error'
- FREE_EMAIL_DOMAINS expanded with 20+ ccTLD variants (yahoo.co.uk, gmx.de, yandex.ru, etc.)
- Rescan now offers 'Rescan' (non-AI) and 'Rescan with AI' options
v1.8.0
Improvement
Scan Packs Repriced + AI Scan Packs
- Scan packs repriced to match Pro per-scan rate: 100 scans @ ₹39, 300 @ ₹99, 500 @ ₹149
- New AI scan packs added to pricing page: 25 AI @ ₹99, 50 AI @ ₹179, 100 AI @ ₹299
- Both pack types clearly labeled with descriptions on the pricing page
v1.7.0
Feature
Scan History Page + Batch Scanning Fix
- New /app/history page with paginated scan history, verdict filtering, search, and tier retention display
- Backend enforces tier-based retention: 7 days (free), 90 days (pro), 365 days (enterprise)
- Batch mailbox scanning: new POST /scan/mailbox/batch processes up to 100 emails in parallel
- WHOIS lookups capped at 3 seconds with in-memory cache; VirusTotal parallelized (5 workers)
- AI client timeouts: 30-second hard limit on OpenAI, Azure OpenAI, and Anthropic Claude
- Homepage launch offers banner with LAUNCH30 (30% off monthly) and 1STYEAR20 (20% off yearly)
v1.6.0
Feature
Landing Page Overhaul + Extension + API Keys
- Hero badge, trust strip, and differentiation copy updated with truthful claims (AES-256, auto-deleted data, read-only access)
- Tier restructure: Community 5 AI/6 layers, Professional 2,000 scans + 200 AI analyses
- Chrome extension scaffold (Manifest V3) for Gmail and Outlook with service worker and popup UI
- Enterprise API key system with dual auth (X-API-Key header or JWT), CRUD endpoints, bulk scan
- 40-email benchmark testing framework with accuracy metrics (TPR/FPR/F1)
v1.5.0
Improvement
Enterprise-Grade Rule Engine Rework
- Introduced Sender Trust Score (0.0-1.0) based on SPF/DKIM/DMARC authentication, known brand domains, and List-Unsubscribe presence
- Fixed 8 false positive patterns: legitimate transactional emails (Amazon, Google, PayPal, Netflix) no longer flagged as suspicious
- Fixed 5 false negative patterns: BEC detection now works from compromised accounts, new OAuth consent phishing rule added
- Removed MailChimp from suspicious mailers list
- Expanded carrier domain whitelist to 20+ carriers worldwide
- Display names now normalized through Unicode confusable detection
- Added test suite with 14 real-world email pattern validations
v1.4.0
Feature
About Page, Mailbox Search, Batch Results, Brand Whitelist
- New dedicated About page with mission, story, and 6-layer detection overview
- Email search in Mailbox Scan tab (Gmail q parameter, M365 $search) with debounced input
- Brand Legitimate Domains whitelist for 30+ brands covering ccTLDs, subdomains, and sub-brands
- New /app/scan-results page for batch scan results with summary bar, email sidebar, and navigation
v1.3.0
Feature
Self-Service Password Management
- Forgot Password flow with email-based token reset
- Change Password on profile page with current password verification
- Reset tokens are cryptographically random with 1-hour expiry
v1.2.0
Feature
AI Scan Toggle, Feedback, Admin AI Credits
- AI scan toggle on the Scan page (switch between standard and AI-enhanced scans)
- User feedback system with image attachments and admin reply workflow
- Admin can manually grant AI scan credits to users
v1.1.0
Security
Two-Factor Authentication
- Optional TOTP-based two-factor authentication
- Recovery codes for MFA backup
- Security nudge on profile page for users without MFA enabled
v1.0.1
Fix
Detection Engine Scoring Fix
- Fixed 0% detection layers when URL, headers, or attachments had no data
- Added no-data UI distinction in scan results
- Improved layer weight redistribution for inactive layers
v1.0.0
Feature
Initial Launch
- 6-layer detection pipeline: Rule Engine, URL Scanner, Header Forensics, Attachment Analysis, ML Classifier, AI Analysis
- Three scan methods: Upload .eml, Mailbox Scan (Gmail + M365), Manual Entry
- Community (free), Professional, and Enterprise tiers
- Organization management with admin dashboard
- Stripe and Razorpay billing integration
- Azure deployment infrastructure
