FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
May 22, 2026
The FBI warns Kali365, a PhaaS platform on Telegram, exploits Microsoft device code authentication to bypass MFA entirely and capture
Phishing
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
The FBI warns Kali365, a PhaaS platform on Telegram, exploits Microsoft device code authentication to bypass MFA entirely and capture persistent OAuth tokens.
EvilTokens Service Breaches 340 Microsoft 365 Orgs via OAuth Tokens
EvilTokens, a phishing service launched in February 2026, bypassed MFA in 340 Microsoft 365 organizations by stealing OAuth tokens instead of passwords.
Ghostwriter APT Deploys Cobalt Strike in Geofenced Ukraine Campaign
ESET documented a Ghostwriter spear-phishing campaign using geofenced PDFs to deliver Cobalt Strike against Ukrainian and Polish government targets since March 2026.
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
INTERPOL Operation Ramz arrested 201 suspects and seized 53 servers across 13 MENA countries in a five-month cybercrime crackdown concluding February 2026.
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Tycoon2FA's latest update adds device-code phishing that hands attackers a valid Microsoft 365 OAuth token without requiring the victim's password or MFA code.
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
SOCRadar uncovered Operation HookedWing, a 4-year credential-harvesting campaign that compromised 2,000+ accounts across 500+ organizations in aviation, energy, government, and critical infrastructure using GitHub-hosted phishing ...
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield
Cushman & Wakefield confirmed a vishing-enabled breach after ShinyHunters and Qilin ransomware listed the firm separately. ShinyHunters published a 50GB Salesforce dataset after the May ...
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
Attackers chain Google sponsored ads with fake Claude.ai chat sessions to deliver MacSync, a macOS infostealer harvesting Keychain contents and browser credentials.
TCLBanker Trojan Spreads via WhatsApp and Outlook, Hits 59 Banks
Researchers identify TCLBanker, a Brazilian banking trojan targeting 59 financial platforms that self-propagates by sending malicious messages through victims' WhatsApp and Outlook accounts.
Fake Claude AI Site Delivers New Beagle Windows Backdoor
A malicious website impersonating Claude AI distributes a new, previously undocumented Windows backdoor named Beagle to users seeking to download the AI assistant application.
EvilTokens Service Breaches 340 Microsoft 365 Orgs via OAuth Tokens
May 21, 2026
EvilTokens, a phishing service launched in February 2026, bypassed MFA in 340 Microsoft 365 organizations by stealing OAuth tokens instead
Ghostwriter APT Deploys Cobalt Strike in Geofenced Ukraine Campaign
May 19, 2026
ESET documented a Ghostwriter spear-phishing campaign using geofenced PDFs to deliver Cobalt Strike against Ukrainian and Polish government targets since
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
May 19, 2026
INTERPOL Operation Ramz arrested 201 suspects and seized 53 servers across 13 MENA countries in a five-month cybercrime crackdown concluding
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
May 19, 2026
Tycoon2FA’s latest update adds device-code phishing that hands attackers a valid Microsoft 365 OAuth token without requiring the victim’s password
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
May 12, 2026
SOCRadar uncovered Operation HookedWing, a 4-year credential-harvesting campaign that compromised 2,000+ accounts across 500+ organizations in aviation, energy, government, and
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield
May 12, 2026
Cushman & Wakefield confirmed a vishing-enabled breach after ShinyHunters and Qilin ransomware listed the firm separately. ShinyHunters published a 50GB
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
May 11, 2026
Attackers chain Google sponsored ads with fake Claude.ai chat sessions to deliver MacSync, a macOS infostealer harvesting Keychain contents and
TCLBanker Trojan Spreads via WhatsApp and Outlook, Hits 59 Banks
May 11, 2026
Researchers identify TCLBanker, a Brazilian banking trojan targeting 59 financial platforms that self-propagates by sending malicious messages through victims’ WhatsApp
Fake Claude AI Site Delivers New Beagle Windows Backdoor
May 8, 2026
A malicious website impersonating Claude AI distributes a new, previously undocumented Windows backdoor named Beagle to users seeking to download
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.