Email security news, distilled.

Phishing, BEC, DMARC and inbox threats — pulled every two hours from 6 trusted sources, filtered down to what matters.

This week in email security

AI briefing · 2026-07-02

EvilTokens MFA-bypass phishing kit drives industry reckoning on detection gaps

9 articles
The Register

EvilTokens device-code phishing kit totally more evil than we all thought

The EvilTokens device-code phishing kit bypasses MFA and authenticates to Microsoft 365 as the victim. Cisco Talos revealed new evasion techniques and capabilities, underscoring the threat's sophistication for email security professionals managing organizational defense.

AI summary · generated with Claude
Phishing · High · phishing
Bleeping Computer

Webinar: Why traditional email security is no longer enough

A webinar discussing how modern phishing, BEC, and account takeover attacks bypass traditional email security by exploiting trusted identities and workflows. The presentation covers behavioral AI solutions for automated detection and response.

Phishing · phishing · Business Email Compromise · email security · email compromise
CyberScoop

This phishing kit looks more like BEC-as-a-service

Researchers discovered ARToken, a business email compromise-as-a-service platform affiliated with the EvilTokens phishing operation. The toolkit is designed to bypass MFA and compromise Microsoft 365 accounts, representing an advanced threat targeting organizations.

BEC · High · phishing · BEC · Business Email Compromise · email compromise
ISC SANS

Why Ask Credentials If There Are Secret Codes? (Wed, Jul 1st)

A phishing campaign targeting MetaMask cryptocurrency wallet users was detected. The attack uses alternative authentication methods instead of traditional credential theft, demonstrating evolving phishing tactics that security professionals should recognize.

Phishing · Medium · phishing
HackRead

New EvilTokens Attack Exposes Browser Visibility Gap in Enterprise SOCs

EvilTokens is a phishing attack that hides account takeover indicators until browser execution, leaving SOCs with limited visibility. Enterprise teams need enhanced monitoring to validate threats faster and reduce account compromise risk.

Phishing · High · phishing
CyberScoop

How ransomware syndicates weaponize corporate-style organization

Black Basta ransomware syndicate operates like a sophisticated corporation, using advanced phishing and malware campaigns to target victims. The group's leaked internal communications reveal their evolution into organized extortion operations, relevant to understanding modern ransomware delivery mechanisms.

Malware · High · phishing
The Register

Health board apologizes for phishing staff with bogus vacation day

A Canadian health board conducted a phishing awareness test on staff using a fake vacation day offer, which sparked backlash for its inappropriate theme. The organization apologized for the social engineering exercise designed to test employee security awareness.

Phishing · phishing
The DFIR Report

Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting

An exposed server revealed the Bissa Scanner platform, used for large-scale exploitation and credential harvesting across multiple victims. The operators leveraged AI tools like Claude Code and OpenAI to automate and refine their malicious collection pipeline, demonstrating sophisticated attack infrastructure.

Malware · High · credential harvesting