SlashNext Blog

Phishing, social engineering, and modern threats.

Featured Article

SessionShark Steals Session Tokens to Slip Past Office 365 MFA

Security researchers here at SlashNext recently uncovered a promotional image on a cybercrime network showcasing a service called “SessionShark O365 2FA/MFA.” SessionShark is a phishing-as-a-service toolkit built to bypass Microsoft Office 365 multi-factor authentication (MFA) protections. While the offering is clearly intended for threat actors, its creators attempt to frame it as “for educational purposes.” […]

Featured Article

10 Ways URL Analysis & Enrichment Can Help Ease Your SOC’s Challenges in 2020

On-demand phishing URL analysis solutions can help ease your SOC teams’ pain and challenges.

Blog Subscription

SessionShark Steals Session Tokens to Slip Past Office 365 MFA

Security researchers here at SlashNext recently uncovered a promotional image on a cybercrime network showcasing a service called “SessionShark O365 2FA/MFA.” SessionShark is a phishing-as-a-service toolkit built to bypass Micr…

April 24, 2025

Xanthorox AI – The Next Generation of Malicious AI Threats Emerges

The Next Evolution in Black-Hat AI A new player has entered the cybercrime AI landscape – Xanthorox AI, a malicious tool that brands itself as the “Killer of WormGPT and all EvilGPT variants.” First spotted in late Q1 20…

April 7, 2025

How Attackers Abuse Trusted Cloud Apps—and Why URL Analysis Matters

It’s no secret that cybercriminals love to exploit our trust in well-known brands. From big-name retailers to popular online services, attackers will latch onto anything that seems safe. In this post, we will explore a real-lif…

March 20, 2025

From Phishing to Vishing – Modern Social Engineering Attacks

Phishing attacks have moved beyond simply sending emails with malicious links to incorporate more modern social engineering techniques, including the alarming trend of mixing in smishing (SMS phishing) and vishing (voice phishi…

March 10, 2025

Astaroth: A New 2FA Phishing Kit Targeting Gmail, Yahoo, AOL, O365, and 3rd-Party Logins

Phishing attacks continue to evolve, pushing even the most secure authentication methods to their limits. First advertised on cybercrime networks in late January 2025, Astaroth is a brand new phishing kit that bypasses two-fact…

February 13, 2025

Devil-Traff: A New Bulk SMS Platform Driving Phishing Campaigns

Employees in most organizations receive countless communications daily—emails, Slack messages, or ticket updates, for example. Hidden among these routine interactions are phishing scams designed to exploit trust and compromise …

January 29, 2025

Is That Really ProtonMail? New Credential Harvesting Threats Targeting Cloud Apps

Imagine sipping your morning coffee, scrolling through your inbox, when a seemingly innocent ProtonMail message catches your eye. But this isn’t your typical email—it’s a credential-harvesting attempt targeting specific cloud s…

January 22, 2025

Inside a 90-Minute Attack: Breaking Ground with All-New AI Defeating Black Basta Tactics

Have you ever had your lunch interrupted by a sudden barrage of security alerts? That’s exactly what happened to one of our clients when a frantic call from their Security Operations Center revealed a flood of suspicious emails…

January 13, 2025

WordPress security

Meet PhishWP – The New WordPress Plugin That’s Turning Legit Sites into Phishing Traps

One morning, you decide to make a purchase from a seemingly reputable online store. The website displays a familiar checkout interface resembling Stripe’s payment process. You enter your payment details, feeling confident…

January 6, 2025

Evolution of Spear Phishing Tactics

Five Ways Spear Phishing Tactics are Evolving in 2025

What type of phishing became very effective around 2010 and still worries security teams today? Spear phishing. Spear phishing remains highly effective and is getting more dangerous by the day. What is spear phishing? What new…

December 10, 2024

How to Fight Blov HTML Crypter Phishing

Blov HTML Crypter: Phishing Evasion Through Encryption and Obfuscation

Cybercriminals are sharpening their phishing tactics with tools like Blov HTML Crypter — a utility that modifies HTML files to evade detection by security scanners. By employing techniques such as minification, encryption, and …

November 25, 2024

DocuSign impersonation attacks are exploiting government-vendor theft

Government Agency Spoofing: DocuSign Attacks Exploit Government-Vendor Trust

The latest wave of DocuSign attacks has taken a concerning turn, specifically targeting businesses that regularly interact with state, municipal, and licensing authorities. Since November 8 through November 14, we have observed…

November 18, 2024

It’s Time to Get Started with SlashNext

Learn how to leverage the industry’s best zero-hour phishing protection in your environment.

Demo Request

Support

6701 Koll Center Parkway, Suite 250
Pleasanton CA 94566
800.930.8643
info@slashnext.com

© All Rights Reserved, SlashNext, Inc.