Show notes
This briefing analyzes a massive surge in automated attacks against Microsoft 365, featuring 81 million password-spraying attempts targeting 64 organizations. We break down the technical exploitation of the Resource Owner Password Credentials (ROPC) OAuth mechanism, which allowed attackers to bypass multi-factor authentication due to misconfigured Conditional Access policies. The episode also explores the discovery of the ARToken Phishing-as-a-Service platform, an affiliate of EvilTokens that uses AI to automate business email compromise. Additionally, we cover the 'ConsentFix' technique that hijacks sessions in seconds and a lingering vulnerability in Apple's 'Hide My Email' feature that remains unfixed over a year after disclosure. Finally, we review the Medtronic data breach notification following an intrusion by the ShinyHunters group that compromised 9 million records.



