CSO Online

EvilTokens abuses Microsoft device code flow for account takeovers

The phishing-as-a-service toolkit leverages legitimate authentication to capture tokens and access Microsoft 365 services.
Security Boulevard

CVE-2026-20963: SharePoint Deserialization Remote Code Execution Vulnerability

Microsoft SharePoint, a core platform for enterprise collaboration, is facing active exploitation through a newly confirmed ...
Arabian Post

EvilTokens turns Microsoft sign-ins into bait

EvilTokens, a newly identified phishing-as-a-service operation, is offering cybercriminals a ready-made way to hijack Microsoft accounts by abusing a legitimate sign-in process rather than stealing ...