Kali365 PhaaS (phishing-as-a-service) Bypasses MFA to Hijack Microsoft 365 Accounts

Kali365 PhaaS Platform Hijacks Microsoft 365 Accounts Without Stealing a Single Password A criminal subscription service called Kali365 is actively compromising Microsoft 365 accounts across North America and Europe, and it does so without ever needing a victim’s password or triggering a standard multi-factor authentication (MFA) prompt. The FBI issued a formal public service announcement … Read more

Claude Mythos Nears Public Release via Claude Code

Anthropic’s Restricted Claude Mythos Model Is Edging Toward Public Release Through Claude Code Anthropic’s most powerful and previously locked-down AI model, Claude Mythos, has surfaced briefly inside Claude Code and Claude Security. A signal that a controlled public rollout may be closer than the company has publicly acknowledged. The fleeting appearance of a toggle labeled … Read more

Critical Ghost CMS SQL Injection Flaw Exploited in Massive ClickFix Malware Campaign

Welcome back to The Threat Box. If your organization relies on Ghost CMS for its corporate blog, newsroom, or publishing platform, you need to pay close attention. A highly critical vulnerability is actively being exploited in the wild, turning otherwise reputable websites into delivery mechanisms for a sophisticated malware campaign known as ClickFix. Cybersecurity researchers … Read more