Security researchers here at SlashNext recently uncovered a promotional image on a cybercrime network showcasing a service called “SessionShark O365 2FA/MFA.” SessionShark is a phishing-as-a-service toolkit built to bypass Microsoft Office 365 multi-factor authentication (MFA) protections. While the offering is clearly intended for threat actors, its creators attempt to frame it as “for educational purposes.” […] The post SessionShark Steals Session Tokens to Slip Past Office 365 MF...| SlashNext
The Next Evolution in Black-Hat AI A new player has entered the cybercrime AI landscape – Xanthorox AI, a malicious tool that brands itself as the “Killer of WormGPT and all EvilGPT variants.” First spotted in late Q1 2025, Xanthorox began circulating in cybercrime communities across darknet forums and encrypted channels. The system is promoted […] The post Xanthorox AI – The Next Generation of Malicious AI Threats Emerges first appeared on SlashNext.| SlashNext
It’s no secret that cybercriminals love to exploit our trust in well-known brands. From big-name retailers to popular online services, attackers will latch onto anything that seems safe. In this post, we will explore a real-life example of this: the abuse of DocuSign’s actual application to deliver malicious links. Then, we’ll dive into how our […] The post How Attackers Abuse Trusted Cloud Apps—and Why URL Analysis Matters first appeared on SlashNext.| SlashNext
Phishing attacks have moved beyond simply sending emails with malicious links to incorporate more modern social engineering techniques, including the alarming trend of mixing in smishing (SMS phishing) and vishing (voice phishing). These techniques are a growing threat beyond email security and enhance cybercriminals’ capabilities to achieve their objectives using this new range of communication […] The post From Phishing to Vishing – Modern Social Engineering Attacks first appeared on ...| SlashNext
Phishing attacks continue to evolve, pushing even the most secure authentication methods to their limits. First advertised on cybercrime networks in late January 2025, Astaroth is a brand new phishing kit that bypasses two-factor authentication (2FA) through session hijacking and real-time credential interception. Astaroth utilizes an evilginx-style reverse proxy to intercept and manipulate traffic between […] The post Astaroth: A New 2FA Phishing Kit Targeting Gmail, Yahoo, AOL, O365, and ...| SlashNext
Discover how a groundbreaking AI solution neutralized a bold Black Basta-style cyberattack in under 90 minutes—the first AI solution in the industry.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
As part of my Cyber SOC GitHub repo I’ve put together lots of resources to try and help people with … Continue reading Business Email Compromise Check List| PwnDefend
When a suspected email mailbox compromise is reported, initiating an investigation promptly is critical. However, to ensure the investigation is effective, certain minimum intelligence requirements must be met. This blog outlines the bare minimum data needed to start investigating a suspected email mailbox compromise, whether the intelligence comes from an internal team or a third-party source.| PwnDefend
Security researchers here at SlashNext recently uncovered a promotional image on a cybercrime network showcasing a service called “SessionShark O365 2FA/MFA.” SessionShark is a phishing-as-a-service toolkit built to bypass Microsoft Office 365 multi-factor authentication (MFA) protections. While the offering is clearly intended for threat actors, its creators attempt to frame it as “for educational purposes.” […] The post SessionShark Steals Session Tokens to Slip Past Office 365 MF...| SlashNext
Explore how Xanthorox AI’s modular, self-hosted design empowers cybercriminals—and learn how SlashNext defends against these advanced, AI-driven threats.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Learn how attackers exploit trusted cloud apps like DocuSign and how advanced URL analysis unveils hidden phishing and malware threats before damage occurs.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Learn how phishing, smishing, and vishing, key components of modern social engineering and business email compromise (BEC), leverage bots and voice cloning to bypass traditional defenses and capture credentials today.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Discover how a groundbreaking AI solution neutralized a bold Black Basta-style cyberattack in under 90 minutes—the first AI solution in the industry.| SlashNext | Complete Generative AI Security for Email, Mobile, and Browser
Expert Forum va organiza pe 5 martie, începând cu ora 12, o dezbatere despre organizarea alegerilor în 2024. Evenimentul are loc în contextul comasării alegerilor din iunie, iar această decizie politică implică numeroase modificări legislative cu puțin timp înaintea datei alegerilor.| expertforum.ro