logo

Next-Gen Phishing Tactics Users Aren’t Ready For | Huntress

ID: 9000d058-39f9-5b39-bd02-92603cde4bda

STIX ID: report--9000d058-39f9-5b39-bd02-92603cde4bda

Feed Name: Huntress Blog

Threat Score
75/100

Date Published: 2026-06-22

Date Updated: 2026-06-25

...
...

This report outlines five advanced phishing tactics being observed and simulated by Huntress—ClickFix (command-execution via native tools), Browser-in-the-Browser (rendered fake auth windows), OAuth consent phishing (ConsentFix and authorization code theft), device code phishing (authorizing an attacker’s device via legitimate device-login flows), and fake video-conference overlays (malicious update prompts). Each technique subverts conventional user training (checking URLs, padlocks, or download aversion) to achieve credential/token theft, persistent cloud access, or remote code installation, and the document describes corresponding simulated training scenarios and demos to build user resilience.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.