In this week’s “Reboot” column, Apple’s MacBook Neo is an impressive downgrade, the gaming push continues, and scribbling on the Sydney Opera House.
This week’s Reboot talks about the Sydney Opera House, Apple’s gaming efforts, and a whole new “Experience”
Reboot is a weekly column covering some of the lighter stories within the Apple reality distortion field from the past seven days. All to get the next week underway with a good first step. This week, Apple stepped in to fight Anthropic’s supply-chain risk designation in the United States, an apparent FBI or CIA hacking toolset has been spotted on the black market, and a retirement fund has sued Apple over a decade of apparent “monopolistic conduct.” Luckily, there were some bright spots, too.
It’s a yearly delight to feel the weather warm up as spring approaches, but this season of renewal does come with some downsides. One of the most annoying and dangerous is the road pothole, which manifests itself as a small dent, a massive hole, or something in between on the roadway. These become especially frequent sights throughout the spring season, thanks largely to the transition from winter to spring. Temperatures going from freezing to warm and snow and ice melting into water, freezing, and remelting ultimately lead to potholes being a common issue.
The formation of a pothole begins with the accumulation and subsequent melting of snow and ice during winter. This water makes its way into the dirt below the pavement via small cracks and holes. Freezing temps then turn that water into ice, which expands to lift and move the soil around it. As a result, the pavement above moves around, too, and when that ice melts in the warming spring, it leaves weak spots in those areas. Combine this weakened state with frequent driving, and it’s only a matter of time before the pavement breaks apart into a pothole.
While the squiggly road lines known as tar snakes often prevent some potholes from forming, plenty manage to take shape all the same. Potholes can mean serious trouble on the road. That’s why it’s crucial to practice safe driving habits and even take action should you encounter them.
How to take action when potholes form
When potholes have formed on the road, it’s key to drive safely in their presence. It can be difficult to tell just how big and deep they are from the driver’s seat, and hitting potholes could mean a guaranteed trip to the mechanic, be it for new tires or suspension parts, so you want to exercise caution. Don’t drive right over them, skirt around them when you can, and if they’re bad enough, safely change lanes to avoid them if possible. If you have little choice other than to drive your vehicle over one, be sure to do so at a low speed to prevent unnecessary wear.
Once you’re off the road, you can still take action against the potholes in your area. While more often than not, towns and cities will eventually get around to filling potholes, especially those in traffic-heavy areas, sometimes those on side streets will be overlooked. Oftentimes, you can go online and bring awareness to them by filling out a pothole repair request form or using other methods to get in touch with those responsible for repairing them. Doing so will benefit your vehicle’s health in the long run and the wider community as well.
There is no shortage of dangers and obstacles on the road, but few are more jarring than the pothole. That’s why, as spring approaches, it’s in every driver’s best interest to be extra careful while driving and, if they feel strongly enough, speak up to get something done about them.
He’s Apple’s Chief Operating Officer who became the CEO — but he’s not Tim Cook. Instead, this was how Michael Spindler replaced John Sculley, and made himself ill trying to save the company in the 1990s.
Apple CEO Michael Spindler — image credit: Apple
Michael Scott was the first Apple CEO, brought in by Mike Markkula, who became the second CEO when Scott was shown the door. Markkula was then responsible along with Steve Jobs for recruiting John Sculley, until he was also shown the exit sign. But while it was Sculley who made Spindler Chief Operating Officer, and then it was the board that made him CEO, Markkula was again behind all of this. It was Markkula who recruited Spindler to join Apple in September 1980.
When you step into the 2026 Mercedes EQS, you feel as if you’ve entered another dimension. There is no longer a mechanical connection between the steering wheel and the wheels. Instead, you have a steering-by-wire system. This means that all of your steering wheel movements are detected by sensors and relayed to control units, which then instruct the actuators on how to make the wheels respond to your commands.
It operates just like a sports car with variable gear ratios that can change instantly based on the speed at which you travel. At low speeds, there is a faster reaction, which is helpful if you need to maneuver quickly in and out of crowded places such as parking lots. At high speeds, it ensures a smooth ride while you travel on highways. The whole system works automatically, with the software deciding what is necessary without requiring any intervention from you. This keeps the required steering effort minimal, since even slight adjustments require little force.
It’s also fascinating how the wheel’s design is actually rather flat compared to what you’d assume would be on a futuristic EV; it’s a yoked wheel with plenty of legroom and clear visibility of the screens on the dashboard. You’ll find it easier to get into and out of the vehicle now too, while engineers have even had to develop their own airbags for it, adding further safeguards.
Before deciding to put this technology into production, the development team tested it for approximately a million kilometers on real roads, proving grounds, and simulators. They’ve also added rear axle steering, which works in unison with the front system to make the car turn more tightly while remaining silky smooth at high speeds. Everything adds up to a combination that simply makes driving appear more pleasant and stable.
‘Dead game’ is a term thrown around loosely now. You’ll often hear players say it whenever a game drops a few spots in the Steam concurrent players chart, gets a bad balance update, or makes a change that angers the community. But that’s not what actually makes a game dead.
Dead games usually disappear twice. First when the players leave, and then again when people stop talking about them. The games on this list never really managed the second part.
Not all of these games are “dead” in the exact same way. Some are officially gone. Some are technically still playable but functionally abandoned. Some survive through tiny, stubborn communities that refuse to let go. But with the momentum gone and their future in question, all you’re left with is a strong sense of what could have been. And yet, I still miss them all.
Anthem
What was it about?
Anthem had one of the coolest core fantasies I have ever seen wasted. Flying around in a Javelin felt incredible. The movement had speed, weight, and that rare kind of freedom that instantly made you think, “Okay, this is the fantasy.”
Even now, when people talk about Anthem, that is usually the first thing they bring up. Not the loot. Not the missions. The flying.
Why did it fail?
Because everything around the power fantasy could not support it. Anthem’s trailer had many wondering if it was a narrative-driven story game, but it was released as a live-service game that never really understood the kind of game it wanted to be. The content loop was weak, the gameplay got repetitive fast, and the game never found the long-term support it needed to build on its best idea. Anthem is easy to remember because the foundation is so cool, though it is a painful reminder that a concept alone is never enough.
Deceive Inc.
What was it about?
In a sea full of multiplayer shooters, Deceive Inc. felt genuinely fresh in a market that rarely rewards experimentation. The whole spy-social-stealth concept was clever, stylish, and different in a way that made it stand out immediately. It was a game with an actual personality instead of the usual formula that revolved around battle royales and hero shooters.
Why did it fail?
Players being clever isn’t always enough to survive. Deceive Inc. never felt like it found the player base it deserved. For multiplayer games, a bit of momentum and a dedicated community are what make them thrive. So once you lose both, recovery gets brutally hard. It also lived in that awkward space where people who played it often seemed to love the idea, but not enough people showed up to keep that idea alive. “How did it never catch on?” is the question we’ve been left with.
Gigantic
What was it about?
Gigantic was one of the best ‘Hero Shooters’ out there. It had style and substance. It looked alive in a way a lot of team-based multiplayer games never do. The art direction, character design, and scale of the matches were all expressive and full of energy. Apart from my uncontested favorite in the genre, this came as a close second. Even the remaster reminds people how distinct the game’s identity really was.
A hero and guardian in Gigantic: Rampage Edition. Image credit: Gearbox Entertainment
Why did it fail?
Timing, support, and bad luck all seemed to work against it. Gigantic always came across as the game people admired, but from a distance. That is the cruel thing about games like this. A game can be original, stylish, and easy to root for, and the market can still shrug it off. Unfortunately, the Gigantic: Rampage Edition was a relaunch that aimed to bring back the interest, but people had already moved on, and as my friend once put it, “the spark is just not there anymore.”
Titanfall 2
What was it about?
Titanfall 2 is a game that still feels better than half the shooters that came after it. Even as gamers were complaining about the shifting focus of Call of Duty into a movement shooter, the fatigue of this meta helped create a game that leaned heavily into this. A game with in-depth movement mechanics and style. The movement was fast and fluid, the Titans added real spectacle, and the campaign had one of the best level designs of its era. To date, it feels like a game that people bring up with a mix of admiration and frustration since it got so much right.
Why did it fail?
While its story is a bit similar to the rest of the games on this list, the issues were more nuanced here. Respawn Entertainment released the game between two colossal video game franchise releases, which overshadowed it on launch. Its gruelling mechanics had many of the casual players quit in favor of simpler titles. What made matters worse was that the game was held hostage for years by hackers. There was no support from the studio, which shifted most of its focus to its real money-maker, Apex Legends.
Paladins: Champions of the Realm
Paladins is different from other games on this list because I did not just admire it from a distance. I lived in it. I put nearly 3,000 hours into that game, hit the top ranks, and spent enough time with it to see both its brilliance and its mess up close. What made Paladins special was that it always felt more flexible, more chaotic, and honestly, more creative than people gave it credit for.
The champions had personality, and the card and loadout system let you shape your playstyle in ways other hero shooters did not. The whole thing had scrappy energy that made it feel alive even when it was barely being held together. This game is also the reason I decided to make this list of all the great games we’ve lost.
Why did it fail?
Paladins was never allowed to be as great as it could have been. It was plagued by bugs, weird balancing, uneven support, and the constant uphill battle of living in the shadows of Overwatch. But what hurts the most is that Paladins did not die because nobody cared; it faded while people still cared. The small but strong community held out as Hi-Rez suffered from severe mismanagement. Over time, the controversial changes, lack of support, and bugs forced many players to quit.
(Shout out to GreatDivide for the Cassie clip.)
The game still gets around 2000 players on a good day, with the community supporting it and carrying it longer than most dead games ever get carried. All of these games stay with me for different reasons. Some were wasted potential. Some were mistimed. Some just never found enough people.
A dead game does not stay in your head this long, unless it got something very right.
A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect device data.
According to a report by Fairlinked e.V., which claims to be an association of commercial LinkedIn users, Microsoft’s platform injects JavaScript into user sessions that checks for thousands of browser extensions and links the results to identifiable user profiles.
The author claims that this behavior is used to collect sensitive personal and corporate information, as LinkedIn accounts are tied to real identities, employers, and job roles.
“LinkedIn scans for over 200 products that directly compete with its own sales tools, including Apollo, Lusha, and ZoomInfo. Because LinkedIn knows each user’s employer, it can map which companies use which competitor products. It is extracting the customer lists of thousands of software companies from their users’ browsers without anyone’s knowledge,” the report says.
“Then it uses what it finds. LinkedIn has already sent enforcement threats to users of third-party tools, using data obtained through this covert scanning to identify its targets.”
BleepingComputer has independently confirmed part of these claims through our own testing, during which we observed a JavaScript file with a randomized filename being loaded by LinkedIn’s website.
This script checked for 6,236 browser extensions by attempting to access file resources associated with a specific extension ID, a known technique for detecting whether extensions are installed.
This fingerprinting script was previously reported in 2025, but it was only detecting approximately 2,000 extensions at that time. A different GitHub repository from two months ago shows 3,000 extensions being detected, demonstrating that the number of detected extensions continues to grow.
Snippet of the list of extensions scanned for by LinkedIn’s script Source: BleepingComputer
While many of the extensions that are scanned for are related to LinkedIn, the script also strangely detected language and grammar extensions, tools for tax professionals, and other seemingly unrelated features.
The script also collects a wide range of browser and device data, including CPU core count, available memory, screen resolution, timezone, language settings, battery status, audio information, and storage features.
Gathering information about visitors’ devices Source: BleepingComputer
BleepingComputer could not verify the claims in the BrowserGate report about the use of the data or whether it is shared with third-party companies.
However, similar fingerprinting techniques have been used in the past to build unique browser profiles, which can enable tracking users across websites.
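The resource-probing technique described above only works against extensions that declare web-accessible resources for the probing page's origin. As an added example (not code from the report, BleepingComputer or LinkedIn), this sketch audits extension manifests from the defender's side to show which ones a given site could detect; the sample manifests are constructed, and `web_accessible_resources` and `use_dynamic_url` are Chrome's manifest keys.

```python
"""Audit extension manifests for static resources a web page could probe."""
from urllib.parse import urlsplit


def pattern_covers_origin(pattern: str, origin: str) -> bool:
    """Return True if a Chrome match pattern covers the given page origin.

    Only scheme and host are compared; the path part of the pattern is ignored.
    """
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep:
        return False
    host = rest.split("/", 1)[0]
    page = urlsplit(origin)
    if scheme == "*":
        if page.scheme not in ("http", "https"):
            return False
    elif scheme != page.scheme:
        return False
    page_host = page.hostname or ""
    if host == "*":
        return True
    if host.startswith("*."):
        base = host[2:]
        return page_host == base or page_host.endswith("." + base)
    return host == page_host


def probe_exposure(manifest: dict, origin: str) -> dict:
    """Classify how an extension's static resources are exposed to `origin`."""
    static, dynamic = [], []
    for entry in manifest.get("web_accessible_resources", []):
        if isinstance(entry, str):
            # Manifest V2: a bare list of paths, readable from any web page.
            static.append(entry)
            continue
        # Manifest V3: resources are scoped to the origins listed in "matches".
        if not any(pattern_covers_origin(p, origin) for p in entry.get("matches", [])):
            continue
        # use_dynamic_url asks the browser to serve the resource under a
        # per-session ID instead of the fixed extension ID.
        bucket = dynamic if entry.get("use_dynamic_url") else static
        bucket.extend(entry.get("resources", []))
    if static:
        verdict = "detectable"
    elif dynamic:
        verdict = "dynamic-url-only"
    else:
        verdict = "not-exposed"
    return {
        "name": manifest.get("name", "?"),
        "verdict": verdict,
        "static_resources": sorted(static),
    }


def audit_manifests(manifests: list, origin: str) -> list:
    """Run probe_exposure over every manifest, preserving input order."""
    return [probe_exposure(m, origin) for m in manifests]


# Constructed sample manifests (not real extensions).
SAMPLE_MANIFESTS = [
    {"name": "legacy-helper", "manifest_version": 2,
     "web_accessible_resources": ["img/icon.png"]},
    {"name": "sales-sidebar", "manifest_version": 3,
     "web_accessible_resources": [
         {"resources": ["panel.html", "inject.js"],
          "matches": ["https://*.linkedin.com/*"]}]},
    {"name": "grammar-tool", "manifest_version": 3,
     "web_accessible_resources": [
         {"resources": ["ui.css"], "matches": ["<all_urls>"],
          "use_dynamic_url": True}]},
    {"name": "tax-forms", "manifest_version": 3,
     "web_accessible_resources": [
         {"resources": ["frame.html"],
          "matches": ["https://portal.example/*"]}]},
    {"name": "no-resources", "manifest_version": 3},
]

if __name__ == "__main__":
    for row in audit_manifests(SAMPLE_MANIFESTS, "https://www.linkedin.com"):
        print(f'{row["name"]:15} {row["verdict"]:17} {row["static_resources"]}')
```

Extension authors can use the same check to confirm that their `matches` lists are no broader than the pages that actually need the resources.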
LinkedIn denies data use allegations
LinkedIn does not dispute that it detects specific browser extensions, telling BleepingComputer that the info is used to protect the platform and its users.
However, the company claims the report is from someone whose account was banned for scraping LinkedIn content and violating the site’s terms of use.
“The claims made on the website linked here are plain wrong. The person behind them is subject to an account restriction for scraping and other violations of LinkedIn’s Terms of Service.
To protect the privacy of our members, their data, and to ensure site stability, we do look for extensions that scrape data without members’ consent or otherwise violate LinkedIn’s Terms of Service.
Here’s why: some extensions have static resources (images, javascript) available to inject into our webpages. We can detect the presence of these extensions by checking if that static resource URL exists. This detection is visible inside the Chrome developer console. We use this data to determine which extensions violate our terms, to inform and improve our technical defenses, and to understand why a member account might be fetching an inordinate amount of other members’ data, which at scale, impacts site stability. We do not use this data to infer sensitive information about members.
For additional context, in retaliation for this website owner’s account restriction, they attempted to obtain an injunction in Germany, alleging LinkedIn had violated various laws. The court ruled against them and found their claims against LinkedIn had no merit, and in fact, this individual’s own data practices ran afoul of the law.
Unfortunately, this is a case of an individual who lost in the court of law, but is seeking to re-litigate in the court of public opinion without regard for accuracy.”
❖ LinkedIn
LinkedIn claims the BrowserGate report stems from a dispute involving the developer of a LinkedIn-related browser extension called “Teamfluence,” which LinkedIn says it restricted for violating the platform’s terms.
In documents shared with BleepingComputer, a German court denied the developer’s request for a preliminary injunction, finding that LinkedIn’s actions did not constitute unlawful obstruction or discrimination.
The court also found that automated data collection alone could infringe upon LinkedIn’s terms of use and that it was entitled to block the accounts to protect its platform.
LinkedIn argues the BrowserGate report is an attempt to re-litigate that dispute publicly.
Regardless of the reasons for the report, one point is undisputed.
LinkedIn’s site uses a fingerprinting script that detects over 6,000 extensions running in a Chromium browser, along with other data about a visitor’s system.
This is not the first time that companies have used aggressive fingerprinting scripts to detect programs running on a visitor’s device.
While eBay never confirmed why they were using these scripts, it was widely believed that they were used to block fraud on compromised devices.
It was later discovered that numerous other companies were using the same fingerprinting script, including Citibank, TD Bank, Ameriprise, Chick-fil-A, Lendup, BeachBody, Equifax IQ connect, TIAA-CREF, Sky, GumTree, and WePay.
Satya Nadella in November 2016, in his honeymoon period as Microsoft CEO. (GeekWire File Photo)
[Editor’s Note: We’re excited to welcome Mary Jo Foley as a GeekWire contributor. Mary Jo has been one of the sharpest watchers of Microsoft for many years, currently as Editor in Chief at Directions on Microsoft, an IT planning and advisory service. She’ll be offering her take for GeekWire periodically on the latest developments in Redmond, starting with this piece.]
Reorgs are a way of life at Microsoft. But the pace of them over the last couple of months has led many to wonder what the heck is happening in Redmond — especially when coupled with the company’s stock price having its worst quarter in years.
During the past couple of months, Microsoft has made a noticeable number of organizational changes:
Is this just the usual Microsoft fiscal-year-end housekeeping, or is something different? A blip that will pass, or a new AI-centric reality for the Satya Nadella era?
It’s a mix of both, I’d argue.
The current wave of churn, at least in part, can be attributed to Microsoft’s corporate calendar. Its fourth quarter ends June 30 and new fiscal year kicks off on July 1. Microsoft often reorgs and does layoffs in the months leading up to this as a way to reset for the coming year.
The company also is taking actions to reduce hierarchy and make the corporate structure flatter, as are a number of tech companies, in the hopes of becoming nimbler.
A year ago, Chief Financial Officer Amy Hood proclaimed that Microsoft was “increasing our agility by reducing layers with fewer managers.” With moves like replacing 35-year veteran Executive Vice President Jha with a new gang of four, rather than just another single uber-boss, Microsoft is following through on those promises.
It’s not all mundane matters at play, however.
Thanks to AI, the way companies are prioritizing and following through on their strategies is different. Microsoft isn’t immune to the market’s jitters around capex overspending on AI when ROI still remains questionable. Its no-longer-exclusive partnership with OpenAI has people inside and outside the company worried, too, as does the fact that a whopping 45 percent of its unfulfilled Azure backlog last quarter was attributable to OpenAI.
Investor pressure on the company to keep its Azure business growing during a time of admitted capacity challenges also can’t be dismissed as contributing to the current churn. As a result, Microsoft travel budgets, new-hire spending, and investments in unproven areas are all on the chopping block.
Almost nothing (except towels, maybe) is immune from scrutiny with the goal of freeing up more dollars to pay for AI and cloud build-out.
But those reasons alone may not be enough to explain why Microsoft is looking like the least magnificent of the so-called Magnificent Seven tech leaders right now.
Microsoft continues to struggle in the consumer space, and not just with Xbox. Most of the company’s revenues have been and continue to be from sales to commercial customers. That consumer weakness is especially apparent when it comes to AI.
Microsoft recently disclosed only 3 percent of its Microsoft 365 customers are paying for Microsoft 365 Copilot. But its adoption rate for its consumer Copilot is even worse, and far lower than the rates for OpenAI’s ChatGPT and Google Gemini.
Suleyman’s reassignment came later than some expected (and hoped), given the starts and stops with Microsoft’s consumer AI efforts. Mico, a ghost-like Clippy wannabe, seems to be in limbo. Microsoft’s push to make voice one of the main ways users interact with AI on their PCs, when people don’t talk to PCs like they do phones, seems to be falling flat.
Meanwhile, the Windows organization is trying to right the ship by backing out of some of its over-zealous AI plans. Instead of trying to force AI into Notepad and Photos, execs said they instead will focus on some top consumer requests, ranging from taskbar customization, to adding the ability to pause updates at will.
Microsoft shows no signs of giving up on the consumer space. Maybe new blood will find new ways to harness the company’s enterprise tactics to boost its consumer share? If not, there’s always the next reorg. …
A British political adviser’s stolen iPhone leads to a scandal, pro athletes fall for an iCloud scam, and iCloud evidence is used against a man accused of stalking the FBI director’s girlfriend, all in this week’s Apple Crime Blotter.
The Alderwood Apple Store in Washington. Image Credit: Apple
A study from researchers at UNC Chapel Hill and Georgia Tech shows that GDDR6-based Rowhammer attacks can grant kernel-level access to Linux systems equipped with GPUs based on Nvidia’s Ampere and Ada Lovelace architectures. The vulnerability appears significantly more severe than what was outlined in a paper last year.
The Congressional Medal of Honor is the United States’ highest award for military valor. In its more than 150-year history, only 3,552 individuals have received it. Originally conceived as a way to honor enlisted seamen and marines who performed distinguished acts of service during the Civil War, the medal now honors service members who distinguish themselves “conspicuously by gallantry and intrepidity at the risk of his life above and beyond the call of duty.”
The medal was awarded much more frequently before World War I, with that time period accounting for almost 3,000 of the total awards. World War I, during which almost 5 million Americans served in uniform, resulted in only 121 Medal of Honor recipients. Some were awarded posthumously, but one recipient, Frank Crilley, was honored in 1929.
Crilley joined the United States Navy in 1900, when he was only 16 years old. By 1915, he was a Chief Gunner’s Mate in the experimental diving team, a renowned but dangerous position. A WWI U.S. Navy submarine, the USS F-4, sank in March of that year with all 21 crewmen aboard. This was the first American submarine lost at sea, and the Navy wanted to raise F-4 from its final resting place just off the coast of Honolulu, Hawaii to find out what went wrong. It turned to Frank Crilley for help. To complete the mission, Crilley dove more than 300 feet down to the sub — which is 170 feet deeper than a recreational diver can get today.
Frank Crilley was honored for his bravery in a diving mission
Frank Crilley made his first dive to the USS F-4 in mid-April 1915 along with four other divers. They brought a recompression chamber and a physician, along with the standard diving gear, with them. Crilley hit 304 feet on that dive, a depth record that stood for a quarter of a century. The sub was found upright on the ocean floor, and cables would be required to raise the sub. This process was a challenge because it took three hours to descend and ascend from that depth.
During a subsequent dive, one of Crilley’s fellow teammates, William K. Loughman, became tangled when a ground swell caused the sub to turn over. He was stuck at about 275 feet, and Crilley volunteered for a rescue mission. After more than two hours in the depths, Crilley emerged with his teammate alive. Eventually, the Navy managed to raise F-4 and found that it sank due to corrosion of the lead lining of the battery tank, which eventually led to a loss of depth control.
Crilley had a long career with the Navy and was awarded the Medal of Honor in 1929, 14 years after his heroic rescue. Several other service members have received the Medal of Honor for deep diving, including Owen Hammerberg, who engaged in rescue operations after an incident in Pearl Harbor in 1945, almost four years after the Japanese attack on the naval base. Hammerberg, who rescued two fellow divers who were trapped during a salvage operation, received the award posthumously.
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year.
In this type of attack, the threat actor sends a device authorization request to a service provider and receives a code, which is sent to the victim under various pretexts.
Next, the victim is tricked into entering the code on the legitimate login page, thus authorizing the attacker’s device to access the account through valid access and refresh tokens.
This flow was designed to simplify connecting devices that do not have accessible input options (e.g., IoT devices, printers, streaming devices, and smart TVs).
Device code phishing flow Source: Push Security
The device code phishing technique was first documented in 2020, but malicious exploitation was recorded a few years later, and it has been used by both state hackers and financially motivated ones [1, 2, 3, 4].
Researchers at Push Security observed a massive increase in the use of these attacks, warning that they have been widely adopted by cybercriminals.
“At the start of March (2026), we’d observed a 15x increase in device code phishing pages detected by our research team this year, with multiple kits and campaigns being tracked — with the kit now identified as EvilTokens the most prominent. That figure has now risen to 37.5x.” – Push Security
Earlier this week, threat detection and response company Sekoia published research on the EvilTokens phishing-as-a-service (PhaaS) operation. The researchers underline that it is a prominent example of a phishing kit that “democratizes” device code phishing, making it available to low-skilled cybercriminals.
Push agrees that EvilTokens has been a major driver of the technique’s mainstream adoption, but notes that there are several other platforms competing in the same market, which could become more prominent in the event of law enforcement disrupting EvilTokens:
VENOM – A closed-source PhaaS kit offering both device code phishing and AiTM capabilities. Its device code component appears to be an EvilTokens clone.
SHAREFILE – A kit themed around Citrix ShareFile document transfers, using node-based backend endpoints to simulate file sharing and trigger device code flows.
CLURE – A kit using rotating API endpoints and an anti-bot gate, with SharePoint-themed lures and backend infrastructure on DigitalOcean.
LINKID – A kit leveraging Cloudflare challenge pages and self-hosted APIs, using Microsoft Teams and Adobe-themed lures.
AUTHOV – A workers.dev-hosted kit using popup-based device code entry and Adobe document-sharing lures.
DOCUPOLL – A kit hosted on GitHub Pages and workers.dev that mimics DocuSign workflows, including injected replicas of real pages.
FLOW_TOKEN – A workers.dev-hosted kit using Tencent Cloud backend infrastructure, with HR and DocuSign-themed lures and popup-based flows.
PAPRIKA – An AWS S3–hosted kit using Microsoft login clone pages with Office 365 branding and a fake Okta footer.
DCSTATUS – A minimal kit with generic Microsoft 365 “Secure Access” lures and limited visible infrastructure markers.
DOLCE – A Microsoft PowerApps-hosted kit with Dolce & Gabbana–themed lures, likely a one-off or red-team-style implementation rather than widely used.
It should be noted that other than Venom and EvilTokens, the names of the other phishing kits were given by Push researchers to track the malicious activity.
Push Security also published a video showing how the DOCUPOLL kit works. The threat actor uses DocuSign branding and a lure for an alleged contract, asking the victim to sign into the Microsoft Office application.
In total, there are at least 11 phishing kits offering cybercriminals this type of attack, all using realistic SaaS-themed lures, anti-bot protections, and abusing cloud platforms for hosting.
To block device-code phishing attacks, Push Security suggests that users disable the flow when not needed by setting conditional access policies on their accounts.
It is also recommended to monitor logs for unexpected device code authentication events, unusual IP addresses, and sessions.
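One way to act on the log-monitoring advice above, as an added example that is not from Push Security or the original article: flag device code sign-ins from accounts that are not expected to use the flow or from unfamiliar addresses, then count later activity in the same session so it can be reviewed and revoked. The log lines are constructed, and the field names, the allowlist and the trusted network range are assumptions to adapt to your identity provider's export.

```python
"""Flag unexpected device code sign-ins in exported sign-in logs."""
import ipaddress
import json

# Assumption: accounts that legitimately use the device code flow
# (for example shared displays or input-constrained devices).
DEVICE_CODE_ALLOWLIST = {"kiosk@corp.example"}

# Assumption: networks the organisation normally signs in from.
KNOWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample log, one JSON object per line (documentation IP ranges).
SAMPLE_LOG = """\
{"time": "2026-03-02T08:00:00Z", "user": "alice@corp.example", "protocol": "password", "ip": "192.0.2.10", "session": "s-1"}
{"time": "2026-03-02T08:05:00Z", "user": "kiosk@corp.example", "protocol": "deviceCode", "ip": "192.0.2.50", "session": "s-2"}
{"time": "2026-03-02T09:12:00Z", "user": "bob@corp.example", "protocol": "deviceCode", "ip": "203.0.113.77", "session": "s-3"}
{"time": "2026-03-02T09:13:00Z", "user": "bob@corp.example", "protocol": "refreshToken", "ip": "203.0.113.77", "session": "s-3"}
{"time": "2026-03-02T11:40:00Z", "user": "bob@corp.example", "protocol": "refreshToken", "ip": "203.0.113.80", "session": "s-3"}
{"time": "2026-03-02T12:00:00Z", "user": "kiosk@corp.example", "protocol": "deviceCode", "ip": "198.51.100.9", "session": "s-4"}
{"time": "2026-03-02T12:30:00Z", "user": "carol@corp.example", "protocol": "deviceCode", "ip": "192.0.2.33", "session": "s-5"}
"""


def parse_events(text: str) -> list:
    """Parse JSON-lines sign-in records and return them in time order."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda e: e["time"])


def in_known_network(ip: str) -> bool:
    """True if the address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in KNOWN_NETWORKS)


def find_device_code_alerts(events: list) -> list:
    """Return one alert per suspicious device code sign-in.

    A sign-in is suspicious if the account is not on the allowlist or the
    source address is outside the known networks. Later events in the same
    session are counted as follow-on activity for the responder to review.
    """
    alerts = {}  # session id -> alert, in order of first detection
    for ev in events:
        session = ev["session"]
        if ev["protocol"] == "deviceCode":
            reasons = []
            if ev["user"] not in DEVICE_CODE_ALLOWLIST:
                reasons.append("unexpected-device-code")
            if not in_known_network(ev["ip"]):
                reasons.append("unusual-ip")
            if reasons:
                alerts[session] = {
                    "user": ev["user"],
                    "session": session,
                    "reasons": reasons,
                    "follow_on": 0,
                }
        elif session in alerts:
            # Tokens from a flagged sign-in are being used.
            alerts[session]["follow_on"] += 1
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_device_code_alerts(parse_events(SAMPLE_LOG)):
        print(alert)
```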