SlashNext Blog
Phishing, social engineering, and modern threats.
Featured Article
SessionShark Steals Session Tokens to Slip Past Office 365 MFA
Security researchers here at SlashNext recently uncovered a promotional image on a cybercrime network showcasing a service called “SessionShark O365 2FA/MFA.” SessionShark is a phishing-as-a-service toolkit built to bypass Microsoft Office 365 multi-factor authentication (MFA) protections. While the offering is clearly intended for threat actors, its creators attempt to frame it as “for educational purposes.” […]
Featured Article
10 Ways URL Analysis & Enrichment Can Help Ease Your SOC’s Challenges in 2020
On-demand phishing URL analysis solutions can help ease your SOC teams’ pain and challenges.
Blog Subscription
SessionShark Steals Session Tokens to Slip Past Office 365 MFA
Security researchers here at SlashNext recently uncovered a promotional image on a cybercrime network showcasing a service called “SessionShark O365 2FA/MFA.” SessionShark is a phishing-as-a-service toolkit built to bypass Micr…
Xanthorox AI – The Next Generation of Malicious AI Threats Emerges
The Next Evolution in Black-Hat AI A new player has entered the cybercrime AI landscape – Xanthorox AI, a malicious tool that brands itself as the “Killer of WormGPT and all EvilGPT variants.” First spotted in late Q1 20…
How Attackers Abuse Trusted Cloud Apps—and Why URL Analysis Matters
It’s no secret that cybercriminals love to exploit our trust in well-known brands. From big-name retailers to popular online services, attackers will latch onto anything that seems safe. In this post, we will explore a real-lif…
From Phishing to Vishing – Modern Social Engineering Attacks
Phishing attacks have moved beyond simply sending emails with malicious links to incorporate more modern social engineering techniques, including the alarming trend of mixing in smishing (SMS phishing) and vishing (voice phishi…
Astaroth: A New 2FA Phishing Kit Targeting Gmail, Yahoo, AOL, O365, and 3rd-Party Logins
Phishing attacks continue to evolve, pushing even the most secure authentication methods to their limits. First advertised on cybercrime networks in late January 2025, Astaroth is a brand new phishing kit that bypasses two-fact…
Devil-Traff: A New Bulk SMS Platform Driving Phishing Campaigns
Employees in most organizations receive countless communications daily—emails, Slack messages, or ticket updates, for example. Hidden among these routine interactions are phishing scams designed to exploit trust and compromise …
Is That Really ProtonMail? New Credential Harvesting Threats Targeting Cloud Apps
Imagine sipping your morning coffee, scrolling through your inbox, when a seemingly innocent ProtonMail message catches your eye. But this isn’t your typical email—it’s a credential-harvesting attempt targeting specific cloud s…
Inside a 90-Minute Attack: Breaking Ground with All-New AI Defeating Black Basta Tactics
Have you ever had your lunch interrupted by a sudden barrage of security alerts? That’s exactly what happened to one of our clients when a frantic call from their Security Operations Center revealed a flood of suspicious emails…
Meet PhishWP – The New WordPress Plugin That’s Turning Legit Sites into Phishing Traps
One morning, you decide to make a purchase from a seemingly reputable online store. The website displays a familiar checkout interface resembling Stripe’s payment process. You enter your payment details, feeling confident…
Five Ways Spear Phishing Tactics are Evolving in 2025
What type of phishing became very effective around 2010 and still worries security teams today? Spear phishing. Spear phishing remains highly effective and is getting more dangerous by the day. What is spear phishing? What new…
Blov HTML Crypter: Phishing Evasion Through Encryption and Obfuscation
Cybercriminals are sharpening their phishing tactics with tools like Blov HTML Crypter — a utility that modifies HTML files to evade detection by security scanners. By employing techniques such as minification, encryption, and …
Government Agency Spoofing: DocuSign Attacks Exploit Government-Vendor Trust
The latest wave of DocuSign attacks has taken a concerning turn, specifically targeting businesses that regularly interact with state, municipal, and licensing authorities. Since November 8 through November 14, we have observed…
It’s Time to Get Started with SlashNext
Learn how to leverage the industry’s best zero-hour phishing protection in your environment.
6701 Koll Center Parkway, Suite 250
Pleasanton CA 94566
800.930.8643
info@slashnext.com
© All Rights Reserved, SlashNext, Inc.