Threat Research

    EvilTokens is a newly identified phishing-as-a-service (PhaaS) kit that enables large-scale Microsoft device code phishing attacks. It leverages social engineering techniques and has been rapidly adopted by cybercriminals for Adversary-in-the-Middle (AitM) and Business Email Compromise (BEC) operations....
    An active phishing campaign is impersonating a cloud file storage service and major e-signature platforms. Instead of stealing passwords, it exploits Microsoft’s legitimate Device Code OAuth flow. Victims are tricked into entering a verification code on Microsoft’s real login page. The attacker intercepts OAuth tokens, gaining persistent access to accounts and data....
    RoningLoader is a new, advanced loader used in a recent DragonBreath (APT-Q-27) campaign that distributes a modified gh0st RAT through trojanized NSIS installers posing as legitimate apps like Chrome and Microsoft Teams....
    In October 2025, a critical remote code execution (RCE) vulnerability in Microsoft Windows Server Update Services (WSUS), tracked as CVE-2025-59287 (CVSS 9.8), was discovered. The flaw allows unauthenticated remote attackers to execute code with system-level privileges on affected servers....
    In early September 2025, Cloudflare partnered with Microsoft to dismantle the RaccoonO365 phishing-as-a-service (PhaaS) operation. The campaign targeted Microsoft 365 users using sophisticated phishing kits with CAPTCHA and anti-bot measures....
    Active exploitation of Microsoft SharePoint vulnerabilities CVE-2025-49704 and CVE-2025-49706 has been observed. These flaws allow unauthenticated attackers to bypass restrictions and, when chained, can lead to arbitrary command execution on affected SharePoint Server 2016 and 2019 systems....
    We have analyzed multiple recent incidents where threat actors exploited Microsoft Teams to target victims. Posing as the organization’s Help Desk, the attackers initiate contact via Teams messages. They then attempt to persuade users to execute a Trojanized version of the GlobalProtect installer....