Phishing

• EvilTokens: Device Code Phishing Hit 340+ M365 Orgs and a Password Reset Won't Fix It March 25, 2026

  A campaign targeting 340+ Microsoft 365 organisations across five countries is using the OAuth device code flow to harvest persistent access tokens. The critical detail: those tokens survive a password reset.

• Signal's Encryption Is Fine. Your Device List Might Not Be. March 22, 2026

  FBI and CISA issued a joint advisory on March 20, 2026 warning that Russian Intelligence Services are compromising Signal, WhatsApp, and Telegram accounts via device-linking abuse and verification code phishing. The encryption is not broken -- the attack surface is account-level device management, not the cryptography.