Find notable cyber news and cases, enriched with sources, timelines, and signals.

VENOM closed-access PhaaS operating model limits researcher visibility

Threat Actor Meta
First reported
Last updated
Happening score
H score 18
1 unique sources, 1 articles

Summary

Hide ▲

VENOM is operating as a closed-access phishing-as-a-service platform, reducing researcher visibility while supporting underground credential theft. The service targets C-suite executives across multiple industries and uses highly personalized lures to improve conversion. Its restricted distribution and evasive delivery make the platform harder to monitor and more durable in the wild.

Related Happenings

Caller-as-a-Service scam ecosystem professionalizes underground fraud

Threat Actor Meta
H score26 First: 22.04.2026 17:01 Last: 22.04.2026 17:01 Sources 1

About this happening: The **Caller-as-a-Service** scam ecosystem has become **highly professionalized and segmented**, making fraud easier to scale and harder to disrupt. Distinct operators now handle...

Triad Nexus investment scam and brand impersonation campaign targeting emerging markets

Campaign
H score33 First: 14.04.2026 15:00 Last: 14.04.2026 15:00 Sources 1

About this happening: The **Triad Nexus** campaign is continuing to run **large-scale investment scams** and **brand impersonation**, expanding into **emerging markets** and driving higher fraud losses...

Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery

Security Tool/Service
H score58 First: 08.04.2026 12:16 Last: 08.04.2026 12:16 Sources 1

About this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...

Latest development: 03.06.2026 14:00

President Donald Trump signed a June 2 executive order that sets up a voluntary framework for developers of covered frontier models to give the US government access for cybersecurity review for up to 30 days before release, while expressly rejecting any mandatory licensing or preclearance requirement. The order directs NSA, CISA, and NIST to build a classified benchmark for determining which models cross the covered threshold and creates an AI cybersecurity clearinghouse led by the Treasury Department. The framework closely echoes Anthropic's Project Glasswing, which gives vetted partners early access to Claude Mythos Preview to scan critical software for vulnerabilities.

EvilTokens PhaaS scales device code phishing for low-skilled cybercriminals

Threat Actor Meta
H score32 First: 04.04.2026 17:17 Last: 04.04.2026 17:17 Sources 1

About this happening: **EvilTokens** is turning **device code phishing** into a **phishing-as-a-service** market, expanding access for **low-skilled cybercriminals** and accelerating competition among...

CrowdStrike Microsoft Marketplace listing

Commercial Activity
H score1 First: 03.04.2026 14:53 Last: 03.04.2026 14:53 Sources 1

About this happening: CrowdStrike made **its offerings** available in the **Microsoft Marketplace**, expanding how enterprise buyers can procure **cybersecurity products**. Eligible customers with **Mi...

Timeline

  1. 10.04.2026 00:37 2 articles · 3mo ago

    VENOM closed-access PhaaS targets C-suite executives

    Initial Disclosure

    Abnormal describes VENOM as a previously undocumented closed-access phishing-as-a-service platform that has been active since at least last November and targets CEOs, CFOs, and VPs across multiple industries for Microsoft login theft. The operation uses highly personalized Microsoft SharePoint-themed phishing emails, Unicode QR codes, adversary-in-the-middle credential harvesting, and device-code phishing to capture credentials, MFA codes, session tokens, and persistent account access.

    Show sources