Attacker used a legitimate but likely deprecated domain to sneak malicious emails past security filters, vendor says.