WEDNESDAY, JULY 1, 2026 48° E  /  GLOBAL TECH · SUMMARISED SUBSCRIBE
AI, business, devices, policy — global tech, summarised every 30 minutes.
Security · 1h ago

EvilTokens phishing kit evolves into full BEC platform

By Meridian48 News Desk · Summarised from The Register ·

Cisco Talos researchers reveal that the EvilTokens device-code phishing kit has expanded into a complete business email compromise operations environment. The kit now includes automated credential harvesting, session hijacking, and multi-factor authentication bypass capabilities. It targets Microsoft 365 and Google Workspace users through sophisticated OAuth device-code flow attacks.

Meridian48 take
The kit's evolution from a simple phishing tool to a full BEC platform underscores how cybercriminal tooling is becoming more modular and enterprise-grade, lowering the barrier for less skilled attackers.
Read the full reporting
EvilTokens device-code phishing kit totally more evil than we all thought →
The Register
phishing-kitbec-operations
More security briefs
Go deeper on security
AllAIStartupsBusinessDevicesPolicySecurityDev ToolsPakistan