SpyCloud researchers dissect Kali365, a Telegram-sold phishing-as-a-service kit targeting Microsoft 365. Using device-code and adversary-in-the-middle phishing, it steals OAuth tokens and session cookies to bypass MFA – then staged a fake FBI “shutdown” while operations continued. Here’s how the kit works, who it targets, and why password resets won’t stop it.
Google announced a new feature called Device Bound Security Credentials (DBSC) for Chrome. Learn how it affects cookie theft and session hijacking.
Device code phishing is a fast-growing adversary-in-the-middle (AiTM) attack that exploits OAuth 2.0 device flow to harvest access and refresh tokens — bypassing MFA. SpyCloud Labs researchers break down how it works, what attackers do with stolen tokens, and how to detect and shut down compromised sessions.
Botnets are one of the tools that enable bad actors to carry out extensive infostealer attacks. We discuss the risks of botnets, infostealers, and malware infections, and how to close ransomware visibility gaps.
Get the inside scoop on the global Tycoon 2FA phishing infrastructure takedown, including threat actor techniques and enterprise victim impact.
An analysis of the newly launched underground carding marketplace data against SpyCloud’s recaptured data shows the leaked information existed on the dark web prior to its recent disclosure – but does that make it any less powerful in the hands of a criminal?
SpyCloud’s continuous delivery model processes breach data in 2 hours, malware in 1 hour – giving cybersecurity teams the speed to detect and remediate threats before attackers weaponize stolen data.
From the LummaC2 takedown to the BreachForums void, our May cybercrime update breaks down the biggest cyber threats & news.
From the Twitter/X breach to Atomic macOS Stealer infection trends, our April cybercrime update breaks down the biggest cyber threats and news.
The end of 2024 and start to 2025 had no shortage of cyber security hot topics to cover. Dig into our latest findings and insights in this blog.
The cybercrime industry today features specialists who offer cybercrime enablement services for anything a criminal doesn’t want to do – or can’t do – themselves. Learn more.
Legacy infostealer malware like Redline Stealer & Raccoon Stealer are still fueling cybercrime and threatening organizations. Here’s how to stay protected.
SpyCloud Labs digs into new infostealer malware variants like Kemicat and Mephedrone, as well as the resurgence of keyloggers like Snake.
We’ve added three new Windows infostealer malware families to our recaptured data repository. Learn about Xehook, Meduza, and Elusive.
SpyCloud research shows a recent surge in the prevalence of the LummaC2 infostealer, rising 2000% in 6 short months.
Despite being one of the oldest tricks in the cybercrime playbook, BEC scams continue to pose a significant threat to organizations, causing 64 times more losses than ransomware last year.
Our resident security research expert discusses malware trends – including why we’re finding screenshots of victims’ desktops among the exfiltrated data.
