Tag: eviltokens
5 articles

EvilTokens Exposes New Blind Spot in Email Security
A shocking 75.6% of consulting firms were exposed to phishing attacks in 2026, with other industries like financial services, manufacturing, and tech also falling prey to these threats. EvilTokens' ghost phishing campaign uses a sneaky Microsoft Device Code Phishing tactic to trick victims into giving hackers access to their Microsoft 365 accounts.

ARToken Phishing Platform Exposes EvilTokens' Microsoft 365 Toolkit
Cisco Talos researchers have uncovered a sophisticated phishing platform, ARToken, that offers a Microsoft 365 toolkit and goes far beyond traditional credential-harvesting pages, exposing over 80 API endpoints. This phishing-as-a-service operation is a game-changer in the world of cyber threats.

EvilTokens Phishing Kit Exposes Sophisticated Evasion Tactics
Microsoft VP of security research Tanmay Ganacharya revealed that 10-15 distinct EvilTokens phishing campaigns have been launching daily since March 15, 2026, showcasing the alarming speed at which device-code phishing operations have scaled. This comes as Cisco Talos incident responders uncovered a targeted phishing chain that abused a real vendor relationship using an outstanding-invoice lure.

Phishing Kit Unveils Sophisticated BEC-as-a-Service Capabilities
Meet ARToken, a sophisticated phishing kit that's redefining the threat landscape with its Business Email Compromise (BEC)-as-a-Service capabilities, allowing attackers to launch highly targeted and convincing scams. This advanced platform is a game-changer, offering a complete BEC operations environment that's far more complex than your average phishing kit.

OAuth Grants Expose Hidden Risk Below MFA Perimeter
In just five weeks, a phishing-as-a-service platform called EvilTokens compromised over 340 Microsoft 365 organizations across five countries by exploiting a clever trick: instead of stealing passwords, it convinced users to hand over OAuth refresh tokens, granting attackers long-term access to sensitive data like mailboxes, drives, and calendars. This sneaky tactic allowed hackers to bypass traditional security measures, including multi-factor authentication.