VENOM closed-access PhaaS operating model limits researcher visibility
Threat Actor Meta
Summary
VENOM is operating as a closed-access phishing-as-a-service platform, reducing researcher visibility while supporting underground credential theft. The service targets C-suite executives across multiple industries and uses highly personalized lures to improve conversion. Its restricted distribution and evasive delivery make the platform harder to monitor and more durable in the wild.
Related Happenings
Caller-as-a-Service scam ecosystem professionalizes underground fraud
Threat Actor Meta
First: 22.04.2026 17:01
Last: 22.04.2026 17:01
Sources 1
About this happening:
The **Caller-as-a-Service** scam ecosystem has become **highly professionalized and segmented**, making fraud easier to scale and harder to disrupt. Distinct operators now handle...
Triad Nexus investment scam and brand impersonation campaign targeting emerging markets
Campaign
First: 14.04.2026 15:00
Last: 14.04.2026 15:00
Sources 1
About this happening:
The **Triad Nexus** campaign is continuing to run **large-scale investment scams** and **brand impersonation**, expanding into **emerging markets** and driving higher fraud losses...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 23.05.2026 14:55
Anthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.
EvilTokens PhaaS scales device code phishing for low-skilled cybercriminals
Threat Actor Meta
First: 04.04.2026 17:17
Last: 04.04.2026 17:17
Sources 1
About this happening:
**EvilTokens** is turning **device code phishing** into a **phishing-as-a-service** market, expanding access for **low-skilled cybercriminals** and accelerating competition among...
CrowdStrike Microsoft Marketplace listing
Commercial Activity
First: 03.04.2026 14:53
Last: 03.04.2026 14:53
Sources 1
About this happening:
CrowdStrike made **its offerings** available in the **Microsoft Marketplace**, expanding how enterprise buyers can procure **cybersecurity products**. Eligible customers with **Mi...
Timeline
- 10.04.2026 00:37 · 2 articles
VENOM closed-access PhaaS targets C-suite executives
Initial Disclosure
Abnormal describes VENOM as a previously undocumented closed-access phishing-as-a-service platform that has been active since at least last November and targets CEOs, CFOs, and VPs across multiple industries for Microsoft login theft. The operation uses highly personalized Microsoft SharePoint-themed phishing emails, Unicode QR codes, adversary-in-the-middle credential harvesting, and device-code phishing to capture credentials, MFA codes, session tokens, and persistent account access.
Sources
- New VENOM phishing attacks steal senior executives' Microsoft logins — www.bleepingcomputer.com — 10.04.2026 00:37
- New VENOM phishing attacks steal senior executives' Microsoft logins — www.bleepingcomputer.com — 10.04.2026 00:37