Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens and bypass MFA without stealing user credentials. “Kali365 lowers the barrier of entry, providing less-technical attackers access…
Tag: tokens
Global Security News
Identity Alone Isn’t Enough: Why Device Security Has to Share the Load
Identity checks alone can’t stop attackers using stolen session tokens and compromised devices. Specops Software outlines why Zero Trust strategies increasingly depend on continuous device verification. […]
AI, Global Security News
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around session theft and operational scalability. […]
AI, Global Security News
TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages
Research reveals that TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm.
Global Security News
Cursor Extension Flaw Exposes Developer API Keys
A Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX.
Data Breaches, Global Security News
Vercel Employee’s AI Tool Access Led to Data Breach
Stolen OAuth tokens, which are at the root of these breaches, “are the new attack surface, the new lateral movement,” a researcher noted.
AI, Global Security News
This problem might not need a solution: customer-service bots that code for free
Why bother paying for your own generative AI (genAI) tokens when you can have the computations done for free using a competitor’s AI-powered customer service bot? That question is at the heart of a CIO.com report that explores the trend and various ways to block it. It’s possible the best response to this kind of…
AI, Global Security News
OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens
An OpenAI Codex vulnerability allowed attackers to steal GitHub tokens via malicious branch names, using a hidden Unicode command injection flaw.
AI, Global Security News
Zero Trust: Bridging the Gap Between Authentication and Trust
Passing MFA doesn’t mean a session is safe: attackers can hijack tokens and bypass identity checks. Specops Software explains why Zero Trust must verify both user identity and device health. […]
AI, Global Security News
Teaching AI to Smell
Plus, employers are tracking the use of AI tokens and Uber is investing in Rivian robotaxis.
AI, Global Security News
You’ve Finally Figured Out AI at Work—Now Comes the Bill
Companies that now regularly use artificial intelligence are starting to track their workers’ use of tokens, AI’s unit of measurement.
AI, APAC, Global Security News
Nvidia CEO Huang talks up ‘tokenomics’ — the new currency for AI
AI tokens are emerging as a kind of currency that will help in recruitment, budgeting and productivity, Nvidia’s CEO Jensen Huang said during a keynote address at the company’s GTC conference. (The show runs through Thursday in San Jose, CA.) AI tokens will also increasingly influence the progress and bottom line of companies, Huang said.…
AI, Global Security News
When identity isn’t the weak link, access still is
Stolen tokens and compromised devices let attackers reuse trust without breaking authentication. Specops Software explains why identity alone isn’t enough and how continuous device verification strengthens Zero Trust. […]
