A follow-up investigation mapping 1,337 phishing URLs across 326 workers.dev hostnames, confirming a PhaaS multi-tenant architecture, encrypted client-side payloads, and new lure variants targeting Adobe, DocuSign, and Outlook branding.
Uncovering a phishing campaign abusing Microsoft Device Code Authentication and Cloudflare Worker Pages, with detection hunts for Entra and Microsoft 365.
A look into automating the hunt for malicious NPM packages, using AI for package review.
A look at a new phishing campaign, ConsentFix which utilises click-fix style techniques to steal auth tokens.
A walkthrough of different Token Theft Scenarios with Detections
A practical guide to implementing threat hunting in a SOC environment and moving beyond reactive detection