The EvilTokens device-code phishing kit bypasses MFA and authenticates to Microsoft 365 as victims. Cisco Talos revealed new evasion techniques and capabilities, highlighting the threat's sophistication for email security professionals managing organizational defense.
A webinar discusses how modern phishing, BEC, and account takeover attacks bypass traditional email security by exploiting trusted identities and workflows. The presentation covers behavioral AI solutions for automated detection and response.
Criminal IP integration enriches OpenCTI threat indicators with risk scoring, infrastructure intelligence, and phishing analysis to improve threat intelligence context and usability for security teams.
Researchers discovered ARToken, a business email compromise-as-a-service platform affiliated with the EvilTokens phishing operation. The toolkit is designed to bypass MFA and compromise Microsoft 365 accounts, representing an advanced threat targeting organizations.
A phishing campaign targeting MetaMask cryptocurrency wallet users was detected. The attack uses alternative authentication methods instead of traditional credential theft, demonstrating evolving phishing tactics that security professionals should recognize.
EvilTokens is a phishing attack that hides account takeover indicators until browser execution, leaving SOCs with limited visibility. Enterprise teams need enhanced monitoring to validate threats faster and reduce account compromise risk.
Black Basta ransomware syndicate operates like a sophisticated corporation, using advanced phishing and malware campaigns to target victims. The group's leaked internal communications reveal their evolution into organized extortion operations, relevant to understanding modern ransomware delivery mechanisms.
A Canadian health board conducted a phishing awareness test on staff using a fake vacation day offer, which sparked backlash for its inappropriate theme. The organization apologized for the social engineering exercise designed to test employee security awareness.
An exposed server revealed the Bissa Scanner platform, used for large-scale exploitation and credential harvesting across multiple victims. The operators leveraged AI tools like Claude Code and OpenAI to automate and refine their malicious collection pipeline, demonstrating sophisticated attack infrastructure.