Blog

Threat intelligence, emerging attack vectors, and actionable security insights from our team.

Attack Report 2026-05-26 9 min

Kali365: OAuth Device Code Phishing Targeting Microsoft 365

Kali365 abuses OAuth Device Authorization to hijack Microsoft 365 sessions without credentials. Analysis of the technique, IOCs, and defenses.

Threat Intelligence 2026-05-20 8 min

VENOM: C-Suite Credential Theft Campaign Bypassing MFA

A five-phase campaign targeting executives across 20+ industries uses adversary-in-the-middle techniques to hijack sessions, rendering MFA ineffective.