< BACK TO NEWS
importantSYS.SOURCE: The Hacker News2026-07-08T18:30:00+05:30

EvilTokens Campaign Exploits Browser-Level Vulnerabilities in Email Security

#Phishing#Email Security#Browser Security#Cyber Attacks#Threat Intelligence

A new 'ghost phishing' technique bypasses traditional email security by encrypting malicious content until it is decrypted in the victim's browser, enabling Microsoft account takeovers. The attack exploits browser-level visibility gaps, requiring sandboxed analysis to detect and mitigate.

A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it decrypts and comes to life inside the victim’s browser.

For security leaders, the risk is clear: traditional URL checks may miss the attack while Microsoft 365 access, sensitive data, and response time

Read original article

*** END OF TRANSMISSION ***