Talos details ARToken, a PhaaS panel tied to EvilTokens that supports device code phishing, BEC workflows, SharePoint theft, ...
Attackers behind a password-spraying campaign targeting Microsoft Office 365 accounts have amassed dozens of victims by abusing a deprecated feature in OAuth 2.0 to ...
A new phishing-as-a-service (PhaaS) operation called Forg365 focuses on stealing Microsoft 365 accounts by combining ...
The FBI has warned about a phishing tool called Kali365 that can bypass two-factor authentication on Microsoft 365 accounts. The subscription-based kit uses OAuth device code flow to steal access ...
The FBI warned that Kali365 can hijack Microsoft 365 accounts by abusing device code authentication and capturing OAuth tokens. A new phishing service is turning a legitimate Microsoft login process ...
What happened A massive password spray campaign is targeting Microsoft 365 environments through Azure CLI authentication. Huntress warned that threat actors made more than 81 million login attempts ...