Forg365 PhaaS Uses Telegram and AI Lures to Hijack Microsoft 365 Accounts
Forg365 is a commercial phishing-as-a-service (PhaaS) platform specifically targeting Microsoft 365 users. It employs methods such as device-code phishing, a...
20 articles
Forg365 is a commercial phishing-as-a-service (PhaaS) platform specifically targeting Microsoft 365 users. It employs methods such as device-code phishing, a...
The attackers call victims to direct them to phishing websites mirroring Microsoft Entra ID login pages. The post Okta Warns of Vishing Attacks Targeting Mic...
Passwords remain part of many workforce authentication flows in financial organizations, making phishing and credential theft major identity security risks, ...
The SFC has mandated that all virtual asset trading platforms and internet brokers must replace one-time password (OTP) logins, including those sent via SMS ...
Join the webinar as we break down why email-layer defenses alone can’t keep pace with the modern phishing ecosystem. The post Webinar Today: Why Email Securi...
ESET’s H1 2026 threat report shows attackers accelerating the use of familiar playbooks with AI-flavored lures, social engineering, and defense evasion rathe...
Tomorrow's webinar explores how behavioral AI can help organizations detect sophisticated phishing, business email compromise, and account takeover attacks w...
Not sure this will have any effect, but I support the effort: According to Google’s legal filing, Outsider Enterprise operates through Telegram. The group of...
Compare leading and best email security solutions with AI threat detection, phishing defense, malware blocking, and DLP features for teams.
A rising phishing technique is exploiting a legitimate Microsoft authentication flow to hijack corporate accounts without stealing passwords. Attackers are w...
The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers.
A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a gl...
Government and healthcare sectors have weak email security. Many domains lack SPF, DMARC, DKIM, and MTA-STS, leaving them open to phishing attacks.
A fully featured phishing-as-a-service (PhaaS) panel named “ARToken” that closely mirrors the EvilTokens infrastructure first profiled in early 2026, but wit...
ARToken operates as an affiliate of the EvilTokens phishing-as-a-service operation, which targets Microsoft 365 accounts and bypasses multi-factor authentica...
Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an informati...
Threat intelligence is only as useful as the context behind it. Criminal IP explains how its integration enriches threat indicators in OpenCTI with risk scor...
FortiGuard says the Brazilian banking trojan Ousaban is targeting Spain and Portugal via phishing
Cisco Talos’ research on ARToken builds on what’s known about the related EvilTokens phishing-as-a-service. The post This phishing kit looks more like BEC-as...