SessionShark Steals Session Tokens to Slip Past Office 365 MFA

Security researchers here at SlashNext recently uncovered a promotional image on a cybercrime network showcasing a service called “SessionShark O365 2FA/MFA.” SessionShark is a phishing-as-a-service toolkit built to bypass Microsoft…

Continue ReadingSessionShark Steals Session Tokens to Slip Past Office 365 MFA

Astaroth: A New 2FA Phishing Kit Targeting Gmail, Yahoo, AOL, O365, and 3rd-Party Logins

Phishing attacks continue to evolve, pushing even the most secure authentication methods to their limits. First advertised on cybercrime networks in late January 2025, Astaroth is a brand new phishing…

Continue ReadingAstaroth: A New 2FA Phishing Kit Targeting Gmail, Yahoo, AOL, O365, and 3rd-Party Logins

Devil-Traff: A New Bulk SMS Platform Driving Phishing Campaigns

Employees in most organizations receive countless communications daily—emails, Slack messages, or ticket updates, for example. Hidden among these routine interactions are phishing scams designed to exploit trust and compromise security.…

Continue ReadingDevil-Traff: A New Bulk SMS Platform Driving Phishing Campaigns
Read more about the article Meet PhishWP – The New WordPress Plugin That’s Turning Legit Sites into Phishing Traps

Meet PhishWP – The New WordPress Plugin That’s Turning Legit Sites into Phishing Traps

One morning, you decide to make a purchase from a seemingly reputable online store. The website displays a familiar checkout interface resembling Stripe's payment process. You enter your payment details,…

Continue ReadingMeet PhishWP – The New WordPress Plugin That’s Turning Legit Sites into Phishing Traps
Read more about the article SMS Gateways Allow Cybercriminals to Flood Phones With SMS Phishing Messages For Just €0.004 (<img width=.0044) Each" itemprop="image" decoding="async" data-lazy-srcset="https://slashnext.com/wp-content/uploads/2024/01/SMS-Phishing-Threats.png 1354w, https://slashnext.com/wp-content/uploads/2024/01/SMS-Phishing-Threats-300x185.png 300w, https://slashnext.com/wp-content/uploads/2024/01/SMS-Phishing-Threats-1024x631.png 1024w, https://slashnext.com/wp-content/uploads/2024/01/SMS-Phishing-Threats-768x473.png 768w" data-lazy-sizes="(max-width: 1354px) 100vw, 1354px" data-lazy-src="https://slashnext.com/wp-content/uploads/2024/01/SMS-Phishing-Threats.png"/>

SMS Gateways Allow Cybercriminals to Flood Phones With SMS Phishing Messages For Just €0.004 ($0.0044) Each

Our team has been investigating the latest services and infrastructure available to cybercriminals for orchestrating SMS phishing campaigns. After analysing cybercrime forums, it is clear that SMS gateways are currently…

Continue ReadingSMS Gateways Allow Cybercriminals to Flood Phones With SMS Phishing Messages For Just €0.004 ($0.0044) Each
Read more about the article Silent, Yet Powerful Pandora hVNC, The Popular Cybercrime Tool That Flies Under the Radar

Silent, Yet Powerful Pandora hVNC, The Popular Cybercrime Tool That Flies Under the Radar

Pandora hVNC is a remote access trojan (RAT) that has been advertised on cybercrime forums since 2021. Surprisingly, it has received little attention from the cybersecurity community. Despite this, it…

Continue ReadingSilent, Yet Powerful Pandora hVNC, The Popular Cybercrime Tool That Flies Under the Radar