News

EvilTokens device-code phishing kit totally more evil than we all thought

  • Jessica Lyons--Theregister.com
  • published date: 2026-07-01 21:50:25 UTC

It's a 'complete BEC operations environment,' Talos researcher says

EvilTokens, the device-code phishing kit that can allow criminals to bypass multi-factor authentication (MFA) and silently authenticate as the victim to the organization's Microsoft 365 applications,… [+3115 chars]