The vulnerability, discovered by EasyOptOuts co-founder Tyler Murphy, allows individuals with knowledge of the exploit to uncover the real email address masked by the anonymous alias.
ARToken operates as an affiliate of the EvilTokens phishing-as-a-service operation, which targets Microsoft 365 accounts and bypasses multi-factor authentication.
The campaign, involving nearly 8.9 million email addresses and linked to Romanian threat actors, utilized a compromised Bolivian government website to host the fraudulent Boots checkout page.
The browser is now the frontline of cyberattacks. Learn how attackers hijack sessions, bypass MFA, abuse malicious extensions, and use browser-based phishing to compromise users and how security teams can stop them. Thank you to our sponsor for this webcast, Push Security! If your security stack can’t see what’s happening in the browser, attackers ...