Catan and Mouse
ID: 4b1b64df-a83b-5c52-8527-d68ea211b22d
STIX ID: report--4b1b64df-a83b-5c52-8527-d68ea211b22d
Feed Name: Cisco Talos
This Talos weekly newsletter highlights a new, mature phishing-as-a-service operator panel named ARToken that exposes 80+ API endpoints enabling device-code phishing, PRT persistence, email access, BEC operations, and SharePoint exfiltration; it also reports an 81M-attempt Microsoft 365 password-spraying campaign, active exploitation of a SimpleHelp OpenID Connect authentication bypass (CVE-2026-48558) for malware delivery, and lists recent malware hashes and detections for defensive use.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
