Posts of last 24 hours
A newly uncovered phishing panel called ARToken is giving cybercriminals an easy way to steal Microsoft 365 login sessions without ever touching a password. The tool works by abusing a legitimate Microsoft sign in feature meant for devices without a keyboard or browser, tricking victims into approving a login on the attacker’s behalf. Once that […]
The post Microsoft 365 Phishing Panel Uses OAuth Device Code Flow to Capture Tokens and Persist Access appeared first on Cyber Security News.
AsyncRAT is back in the headlines, and the attackers behind it have found a clever way to hide in plain sight. Instead of relying on suspicious servers, they use Dropbox links and TryCloudflare tunnels, both trusted services that most security tools rarely block. The result is a campaign that slips past everyday defenses while quietly […]
The post AsyncRAT Campaign Abuses TryCloudflare Tunnels and Python Scripts for Malware Delivery appeared first on Cyber Security News.