Forg365 PhaaS Uses Telegram and AI Lures to Hijack Microsoft 365 Accounts
Forg365 is a commercial phishing-as-a-service (PhaaS) platform specifically targeting Microsoft 365 users. It employs methods such as device-code phishing, a...
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
17 articles found
Forg365 is a commercial phishing-as-a-service (PhaaS) platform specifically targeting Microsoft 365 users. It employs methods such as device-code phishing, a...
Security researcher Caleb Ristvedt disclosed the issues on July 222, 202620262026, warning that all GNU Guix installations are affected. Systems running guix...
A new phishing-as-a-service (PhaaS) operation called Forg365 focuses on stealing Microsoft 365 accounts by combining adversary-in-the-middle (AiTM) and devic...
The kit includes Cloaked.gg, which displays benign sites to detected scanners and sandboxes.
A concise but sophisticated phishing campaign that targeted AWS console users by abusing Cloudflare-hosted domains to deliver adversary-in-the-middle (AiTM) ...
A multi-organization phishing campaign attributed to the CodeStorm family is actively targeting Microsoft 365 tenants with a tenant-aware AiTM (adversary-in-...
A researcher identified as Paul reportedly found a remote code execution flaw via a man-in-the-middle attack in AMD's auto-updater.
A financially motivated campaign dubbed “Payroll Pirate” has emerged using advanced phishing and adversary-in-the-middle (AiTM) session hijacking to bypass m...
Threat researchers have uncovered a novel man-in-the-middle (MitM) attack chain targeting Anthropic’s Claude Code ecosystem, where adversaries hijack Model C...
Tycoon 2FA bypasses MFA on Entra ID and Google Workspace. We map telemetry fingerprints across both platforms, ship detection rules for both tiers, and conta...
Accountability becomes the big issue following a breach – does the team know who’s responsible for what?
Written by: Austin Larsen, Tyler McLellan, Genevieve Stark, Dan Ebreo Introduction Google Threat Intelligence Group (GTIG) has continued to track an expansiv...
Hackers are abusing Google Ads to steal GoDaddy ManageWP credentials by placing a look‑alike phishing ad above the legitimate ManageWP result and proxying vi...
Microsoft Defender Research observed a large-scale credential theft campaign that exemplifies this trend, using code of conduct-themed lures, a multi-step at...
Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages
Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA
ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks