New ARToken Phishing Kit Abuses Microsoft’s OAuth Device Code Flow to Hijack Microsoft 365 Accounts
Cisco Talos has uncovered ARToken, a phishing panel that abuses Microsoft's device code sign-in flow to steal Microsoft 365 session tokens without a password or MFA prompt. The...
AWS AiTM Phishing Kit Bypasses MFA to Hijack Cloud Console Sessions in Real Time
A real-time adversary-in-the-middle phishing kit has been targeting AWS engineers, stealing credentials and MFA codes simultaneously to hijack cloud sessions before they expire. Standard MFA provides zero protection...
Operation TaxShadow: Fileless Malware Campaign Uses Fake Tax Emails to Evade Detection on Windows
A sophisticated phishing campaign called Operation TaxShadow is targeting Windows users with fake government tax notifications that deliver multi-stage fileless malware. The payload runs entirely in memory using...
Hackers Are Calling You on Microsoft Teams Pretending to Be IT Support — How to Detect and Stop the Attack
Threat actors are systematically abusing Microsoft Teams' external collaboration features to impersonate IT helpdesk staff, convincing employees to grant remote access and install malware. Black Basta ransomware affiliates...
Tycoon 2FA Phishing Kit Bypasses MFA at Scale — 62% of Microsoft 365 Phishing Attempts Linked to Single Threat Actor
The Tycoon 2FA phishing-as-a-service kit, operated by threat actor Storm-1747, is bypassing multi-factor authentication on Microsoft 365 and Google Workspace accounts at massive scale. At its peak it...
2026 FIFA World Cup Phishing Fraud Triples in Scope: 222 Fake Domains, Four Criminal Clusters
A massive phishing operation targeting 2026 FIFA World Cup fans has grown nearly three times larger than initially reported, now spanning 222 fraudulent domains across 203 unique IP...
Kimsuky APT Runs Four Simultaneous Spear-Phishing Campaigns Targeting Recruiters, Crypto Users, and Defense Officials
North Korea's Kimsuky threat group has been operating four parallel spear-phishing campaigns targeting corporate recruiters, cryptocurrency developers, defense sector officials, and graduate school staff. The campaigns use LNK...
AccountDumpling: Vietnamese Phishing Ring Abuses Google AppSheet and Telegram to Harvest 30,000 Facebook Accounts
A sophisticated phishing operation called AccountDumpling has compromised around 30,000 Facebook accounts by routing lures through legitimate platforms including Google AppSheet, Netlify, and Vercel to bypass email security...