Computerworld

Chrome Token-Theft Extensions, Nadella Europe Sovereignty, ChatGPT Age-Checks | Ep. 41

In today’s 2-Minute Tech Briefing, researchers flag fake Chrome productivity extensions stealing session tokens from Workday, NetSuite, and SuccessFactors. Satya Nadella argues Europe’s sovereignty ...
Hosted on MSN

North Korean hackers using malicious QR codes in spear phishing, FBI warns

North Korean group Kimsuky is using QR code phishing to steal credentials Attacks bypass MFA via session token theft, exploiting unmanaged mobile devices outside EDR protections FBI urges ...
Security Boulevard

Starkiller Phishing Framework Bypasses Defenses with Reverse Proxies, Takes an SaaS Approach

Starkiller is a new SaaS-style phishing framework that runs real brand websites inside headless Chrome containers, acting as a live reverse proxy to steal credentials, session tokens, and ...
Dark Reading

'SessionShark' ToolKit Evades Microsoft Office 365 MFA

Threat actors are showcasing a service called "SessionShark 0365 2FA/MFA," which is a phishing-as-a-service (PhaaS) toolkit intended for fellow hackers. The creators of the toolkit are attempting to ...
Dark Reading

Why Tokens Are Like Gold for Opportunistic Threat Actors

Authentication tokens aren't actual physical tokens, of course. But when these digital identifiers aren't expired regularly or pinned for use by a specific device only, they may as well be made of ...