Decoding ‘ClickFix’: Lessons from the Latest Browser-Based Phish

ClickFix is a social engineering attack that tricks users into running malicious commands on their own devices - all under the guise of a routine security check. Disguised as something…

Continue ReadingDecoding ‘ClickFix’: Lessons from the Latest Browser-Based Phish

SessionShark Steals Session Tokens to Slip Past Office 365 MFA

Security researchers here at SlashNext recently uncovered a promotional image on a cybercrime network showcasing a service called “SessionShark O365 2FA/MFA.” SessionShark is a phishing-as-a-service toolkit built to bypass Microsoft…

Continue ReadingSessionShark Steals Session Tokens to Slip Past Office 365 MFA

Astaroth: A New 2FA Phishing Kit Targeting Gmail, Yahoo, AOL, O365, and 3rd-Party Logins

Phishing attacks continue to evolve, pushing even the most secure authentication methods to their limits. First advertised on cybercrime networks in late January 2025, Astaroth is a brand new phishing…

Continue ReadingAstaroth: A New 2FA Phishing Kit Targeting Gmail, Yahoo, AOL, O365, and 3rd-Party Logins

Thawing Your Email Security Strategy with Frost’s 2024 Radar Report: A Dynamic Cyber Threat Landscape

In today's digital age, email remains the primary conduit for business communication, making it a prime target for cybercriminals. The Frost Radar Research Report on Email Security for 2024 underscores…

Continue ReadingThawing Your Email Security Strategy with Frost’s 2024 Radar Report: A Dynamic Cyber Threat Landscape

Sophisticated Smishing Compromises Employee Accounts, Accesses Corporate Gift Card Systems

We at SlashNext want to draw attention to the alarming trend of cybercriminals exploiting advanced techniques to target retail corporations, as highlighted in the recent FBI Private Industry Notification (PIN).…

Continue ReadingSophisticated Smishing Compromises Employee Accounts, Accesses Corporate Gift Card Systems