Preview image for a blog post

Jalisco & OmegaLord: Deep Dive into Advanced Microsoft 365 Phishing Tactics via Device Code Flow and OAuth Abuse

Jalisco and OmegaLord phishing kits exploit Microsoft 365 device code flows and OAuth to bypass MFA, gain persistent access, and compromise accounts.
Preview image for a blog post

FBI Warns: Kali365 Phishing Kit Exploits M365 OAuth Tokens – Unpacking the Evolving PaaS Threat

FBI warns of Kali365 phishing kit hijacking Microsoft 365 OAuth tokens, enabling persistent access and bypassing MFA. Learn defensive strategies.
Preview image for a blog post

Tycoon 2FA Evolves: Next-Gen OAuth Device Code Phishing Bypasses MFA

Tycoon 2FA now uses OAuth device code phishing to compromise MFA-protected devices, resuming operations after a takedown.
Preview image for a blog post

Rapid-Fire Phishing Campaigns Exploit Microsoft Teams, Targeting Senior Executives

Sophisticated phishing attacks targeting senior executives via Microsoft Teams, attributed to former Black Basta associates, demand advanced defenses.
Preview image for a blog post

AiTM Phishing Bypasses MFA for AWS Cloud Takeovers, HR Under Siege: A Week in Cybersecurity Threat Analysis

Deep dive into AiTM phishing hijacking AWS, year-long HR malware campaign, and advanced digital forensics for threat attribution.
Preview image for a blog post

The Critical Chasm: Where MFA Stops and Credential Abuse Starts

Explores how MFA coverage gaps in Windows environments enable credential abuse, lateral movement, and network compromise despite IdP enforcement.
Preview image for a blog post

M365 MFA Bypass: Deconstructing the OAuth 2.0 Device Code Phishing Campaign

Deep dive into a sophisticated phishing campaign abusing OAuth 2.0 Device Authorization Grant flow to bypass M365 MFA and steal tokens for persistent access.
Preview image for a blog post

Operation DoppelBrand: Deconstructing GS7's Fortune 500 Brand Weaponization

In-depth analysis of Operation DoppelBrand, where the GS7 group targets US financial institutions with sophisticated brand impersonations.
Preview image for a blog post

Real-Time Vishing Kits: The New Frontier in MFA Bypass and Threat Actor Control

Voice phishing kits empower threat actors with real-time control, bypassing MFA through sophisticated call orchestration and session hijacking.
Preview image for a blog post

ShinyHunters' Sophisticated Social Engineering Defeats MFA: A Deep Dive into Next-Gen Data Theft Tactics

ShinyHunters exploit MFA as a pretext in social engineering, bypassing defenses to steal data from major companies like Panera Bread and Match Group.
Preview image for a blog post

Mandiant Exposes ShinyHunters-Style Vishing Attacks Stealing MFA for SaaS Breaches

Mandiant details advanced vishing and credential harvesting by ShinyHunters, bypassing MFA to breach SaaS platforms.