EvilTokens Phishing Kit Hijacks Microsoft 365 Without Stealing Passwords
EvilTokens abuses Microsoft's OAuth device code flow to compromise accounts without fake login pages or stolen passwords, bypassing 2FA entirely.
GuidesThreat Intelligence Feed
-
-
Sniper DZ PhaaS Platform Targets MENA Users via Facebook Scams
Group-IB researchers detail how Sniper DZ campaigns targeted MENA users through fake Facebook accounts, browser notification abuse, and traffic monetization sch
Tools -
400+ Arch Linux AUR Packages Hijacked to Deploy Credential Stealer
Attackers hijacked over 400 AUR packages to install a Rust-based credential stealer. Systems built from affected packages since June 11 should be treated as com
VPN & Privacy -
INTERPOL Operation Ramz Dismantles Sniper Dz Phishing-as-a-Service Platform
INTERPOL's Operation Ramz disrupted Sniper Dz, a decade-old PhaaS platform, resulting in 201 arrests across 13 MENA countries and the takedown of its infrastruc
Guides -
ServiceNow Flaw Exploited to Access Customer Instance Tables
ServiceNow patched a flaw on June 5, 2026 after threat actors exploited it to query instance tables across a subset of customers.
VPN & Privacy -
UNC5221 Spent 18 Months Undetected Before Deploying Three Backdoors
Chinese APT group UNC5221 used Brickstorm, Plenet, and AgentPSD to maintain access across a victim network and its MSP for over 18 months.
Threats
Analysis & Guides
Threats
Your Smart TV's Idle Hours Are Selling Your Bandwidth
Free apps embed Bright Data's SDK to route web-scraping traffic through home IPs, including always-on smart TVs, with consent screens that don't match actual da
Threats
SolarWinds Serv-U Crash Flaw Now Under Active Exploitation
CISA added CVE-2026-28318, a DoS flaw in SolarWinds Serv-U, to its KEV catalog with a federal patch deadline of June 19, 2026.
VPN & Privacy
Why Children's Data Is a Long-Term Identity Risk
Children face the same identity and data risks as adults — often with higher stakes. Here's how to protect their digital lives early.
Threats
AI Found 21 FFmpeg Zero-Days for $1,000. Chrome Patched 429 in One Shot.
An AI agent found 21 FFmpeg zero-days for ~$1,000. That same week, Chrome 149 patched a record 429 bugs.
Threats
900 Gas Station Gauges Are Online and Undefended
Over 900 ATG systems in the US sit exposed on the open internet, vulnerable to command execution attacks that could disable fuel leak detection.
Threats
PCPJack Built a 230-Node SMTP Relay Network Inside Cloud Infrastructure
PCPJack compromised 230 AWS, Azure, and Google Cloud servers to build a covert SMTP relay network, leaving tools exposed on an open C2 directory.
Threats
Cisco SSRF, Iranian Crypto Sanctions, and an FSB Spyware Disclosure
A Cisco UCM flaw with a CVSS 8.6 score, FSB spyware claims, and $7.7B in sanctioned Iranian crypto volume define this week's threat landscape.
Threats
The Browser Is Now Where Breaches Begin and Go Undetected
The 2026 Verizon DBIR confirms what browser telemetry has shown for months: the browser is the primary attack surface most enterprises aren't watching.
Threats
WordPress Sites Under Fire From Everest Forms Pro Code Injection Flaw
CVE-2026-3300 in Everest Forms Pro lets unauthenticated attackers run arbitrary PHP and create rogue admin accounts.