Find notable cyber news and cases, enriched with sources, timelines, and signals.

Forg365 PhaaS industrializes Microsoft 365 credential theft and session hijacking

Threat Actor Meta
First reported
Last updated
Happening score
H score 36
1 unique sources, 1 articles

Summary

Hide ▲

Forg365 has emerged as a subscription-based phishing platform that lowers the barrier to Microsoft 365 account theft while scaling session hijacking and mailbox abuse. The ecosystem packages lure creation, delivery, evasion, token handling, and post-compromise tooling for low-skill affiliates at industrial scale.

Related Happenings

Triad Nexus investment scam and brand impersonation campaign targeting emerging markets

Campaign
H score33 First: 14.04.2026 15:00 Last: 14.04.2026 15:00 Sources 1

About this happening: The **Triad Nexus** campaign is continuing to run **large-scale investment scams** and **brand impersonation**, expanding into **emerging markets** and driving higher fraud losses...

Triad Nexus expands fraud ecosystem and shifts into emerging markets after 2025 US sanctions

Threat Actor Meta
H score43 First: 14.04.2026 15:00 Last: 14.04.2026 15:00 Sources 1

About this happening: **Triad Nexus** expanded its fraud ecosystem after **US Treasury sanctions in 2025**, increasing operational scale and shifting into **emerging markets**. The network’s use of **U...

VENOM closed-access PhaaS operating model limits researcher visibility

Threat Actor Meta
H score18 First: 10.04.2026 00:37 Last: 10.04.2026 00:37 Sources 1

About this happening: **VENOM** is operating as a **closed-access phishing-as-a-service** platform, reducing researcher visibility while supporting **underground credential theft**. The service targets...

EvilTokens PhaaS scales device code phishing for low-skilled cybercriminals

Threat Actor Meta
H score32 First: 04.04.2026 17:17 Last: 04.04.2026 17:17 Sources 1

About this happening: **EvilTokens** is turning **device code phishing** into a **phishing-as-a-service** market, expanding access for **low-skilled cybercriminals** and accelerating competition among...

Venom Stealer subscription and affiliate malware-service ecosystem

Threat Actor Meta
H score36 First: 01.04.2026 16:30 Last: 01.04.2026 16:30 Sources 1

About this happening: **Venom Stealer** is being run as a **subscription-based** malware service with **Telegram licensing** and an **affiliate program**, signaling a more organized cybercrime ecosyste...

Timeline

  1. 13.07.2026 16:03 2 articles · 2h ago

    Forg365 targets Microsoft 365 accounts with device code phishing and AitM session theft

    Initial Disclosure

    Forg365 is a subscription-based phishing-as-a-service platform that targets Microsoft 365 accounts with device code phishing, adversary-in-the-middle (AitM) session theft, antibot evasion, AI-assisted lure creation, and post-compromise mailbox operations. The kit is distributed via Telegram for $400 a month or $3,800 per year, uses legitimate delivery infrastructure such as Amazon SES and Twilio SendGrid, exposes an operator panel at logfriend[.]com/login, and includes the ForgCookie browser extension for continued access to compromised accounts.

    Show sources