Tag
3 articles covering Token Theft across campaign analysis, detection engineering, and defender tradecraft.
Field Analysis
An FBI-flagged phishing-as-a-service kit rents Microsoft 365 token theft for $250 a month, packaging device-code and OAuth abuse into a point-and-click dashboard that defeats MFA without a fake login page.
Read more:FBI IC3Malwarebytes
Field Analysis
Microsoft detailed an April 2026 campaign that wrapped credential theft in HR disciplinary language, used a CAPTCHA as an anti-analysis gate, and stole tokens through an adversary-in-the-middle proxy.
Read more:Microsoft Security BlogThe Hacker News
Field Analysis
Most M365 phishing incidents are decided in the first hour. This walkthrough lays out a 60-minute response chain from user report to refresh-token revocation and consent reversal.