logo

Catan and Mouse

ID: 4b1b64df-a83b-5c52-8527-d68ea211b22d

STIX ID: report--4b1b64df-a83b-5c52-8527-d68ea211b22d

Feed Name: Cisco Talos

Threat Score
75/100

Date Published: 2026-07-02

Date Updated: 2026-07-03

Author: William Largent

...
...

This Talos weekly newsletter highlights a new, mature phishing-as-a-service operator panel named ARToken that exposes 80+ API endpoints enabling device-code phishing, PRT persistence, email access, BEC operations, and SharePoint exfiltration; it also reports an 81M-attempt Microsoft 365 password-spraying campaign, active exploitation of a SimpleHelp OpenID Connect authentication bypass (CVE-2026-48558) for malware delivery, and lists recent malware hashes and detections for defensive use.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.