Skip to content
The Nexus
DossierENTITY

EvilTokens

Coverage of EvilTokens in the Nexus archive.

Earliest in view: Apr 7 · 20:19 UTCMost recent: May 19 · 11:30 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 19 · 11:30 UTCTHE HACKER NEWS
    The New Phishing Click: How OAuth Consent Bypasses MFA

    A phishing-as-a-service platform called EvilTokens compromised over 340 Microsoft 365 organizations across five countries in just five weeks. The targets received a message asking them to enter a short code and complete their normal MFA challenge. This phishing attack bypassed multi-factor authentication.

  • SECURITYApr 7 · 20:19 UTCTHE REGISTER
    Hundreds of orgs compromised daily in Microsoft device code phishing attacks

    A Microsoft device-code phishing campaign uses AI and automation to compromise hundreds of organizations daily, enabling attackers to access corporate emails and steal financial data. The attack leverages 'EvilTokens' to bypass multi-factor authentication, highlighting vulnerabilities in cybersecurity practices.

EvilTokens · Dossier · The Nexus