EvilTokens device-code phishing kit bypasses MFA and authenticates to Microsoft 365 as victims. Cisco Talos revealed new evasion techniques and capabilities, highlighting the threat's sophistication to email security professionals managing organizational defense.
A webinar discussing how modern phishing, BEC, and account takeover attacks bypass traditional email security by exploiting trusted identities and workflows. The presentation covers behavioral AI solutions for automated detection and response.
A phishing campaign targeting MetaMask cryptocurrency wallet users was detected. The attack uses alternative authentication methods instead of traditional credential theft, demonstrating evolving phishing tactics that security professionals should recognize.
EvilTokens is a phishing attack that hides account takeover indicators until browser execution, leaving SOCs with limited visibility. Enterprise teams need enhanced monitoring to validate threats faster and reduce account compromise risk.
A Canadian health board conducted a phishing awareness test on staff using a fake vacation day offer, which sparked backlash for its inappropriate theme. The organization apologized for the social engineering exercise designed to test employee security awareness.