top of page
ALL POSTS
Passwordless Phishing: How Attackers Hijack Microsoft 365 Through Device Code Authentication
Key Findings A sophisticated phishing-as-a-service kit called EvilTokens exploits Microsoft's legitimate OAuth 2.0 device authorization flow to hijack Microsoft 365 accounts without stealing passwords Attackers trick victims into entering a device code on a real Microsoft login page, which grants the attacker valid access tokens to the compromised account The attack bypasses traditional phishing detection methods by using genuine Microsoft authentication pages, eliminating fa
Jun 204 min read
FBI Alert: Kali365 Phishing Kit Rapidly Targeting Microsoft 365 Users
Key Findings FBI issued public service announcement about Kali365, a phishing-as-a-service platform targeting Microsoft 365 users since April 2026 Platform bypasses multi-factor authentication by abusing OAuth device code authorization flows Kali365 lowers technical barriers for cybercriminals by providing AI-generated phishing lures, automated templates, and real-time tracking dashboards Captured OAuth tokens grant persistent access to Microsoft 365 accounts, enabling data t
May 223 min read
n8n Supply Chain Attack Steals OAuth Tokens via Compromised Community Nodes
Here is the article with the key findings in bullet point format, the background as the first major point, and the headers formatted with ##: Key Findings Threat actors uploaded 8 malicious packages on the npm registry masquerading as n8n workflow automation integrations to steal OAuth credentials One such package, "n8n-nodes-hfgjf-irtuinvcm-lasdqewriit", mimicked a Google Ads integration and prompted users to link their advertising account to siphon the credentials This atta
Jan 122 min read
bottom of page
