bec and sharepoint

  1. ARToken EvilTokens Threat: Device-Code Phishing, PRT Persistence, 365 Abuse

    Cisco Talos has identified ARToken, a React-based operator panel tied by infrastructure and API behavior to the EvilTokens phishing-as-a-service ecosystem, exposing more than 80 endpoints for Microsoft 365 device-code phishing, token persistence, mailbox abuse, BEC operations, and SharePoint...