Panther Modern

@panther_modern
725 Followers
216 Following
24 Posts

Professional Threatbutterer - he/him - 🤘😬 - I've spent the last 25 years in #IT, with the last 10 in #infosec #BlueTeam focused roles. I live and work in #Berlin.

I'm writing and illustrating a hard #scifi graphic novel about a group of antifascist hacktivists.

I'm an #antiracist and #antifascist.

Pronouns: He/Him

Abusing OAuth Device Code Flow

In early 2026, phishing attacks remain a top threat vector in security operations. This analysis covers a novel attack method exploiting Microsoft's OAuth 2.0 Device Authorization Grant (Device Code Flow) to compromise user accounts. Attackers use phishing emails containing Mailchimp's Mandrill service links to bypass security controls, leading victims to fake Adobe-themed websites. The sites abuse legitimate Microsoft authentication mechanisms to obtain access and refresh tokens, granting persistent delegated access to critical resources like Graph API, Teams, Outlook, and SharePoint. The technique leverages shared client IDs across tenants and family of client IDs (FOCI) for lateral movement. Two variants exist: one using external phishing infrastructure with dynamic code generation, and another relying solely on fake meeting invitations containing pre-generated device codes. The attack is particularly effective as it uses legitimate Microsoft services, making detection challenging.

Pulse ID: 69e68ccac96ab3f866763f12
Pulse Link: https://otx.alienvault.com/pulse/69e68ccac96ab3f866763f12
Pulse Author: AlienVault
Created: 2026-04-20 20:30:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Adobe #CyberSecurity #Email #InfoSec #Microsoft #OTX #OpenThreatExchange #Outlook #Phishing #RAT #RCE #SMS #bot #AlienVault

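As an added detection sketch (not part of the pulse or this post), the following Python flags device-code sign-ins and the follow-on token use across several client IDs that the pulse describes as the FOCI pivot. The log lines are constructed to mimic Entra ID sign-in log fields; the field names and the placeholder client IDs are assumptions, not values from the pulse.

```python
"""Flag OAuth device-code sign-ins, then look for non-interactive sign-ins from
the same user and source IP to other client IDs shortly afterwards (a refresh
token being redeemed across a family of client IDs)."""
import json
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)

# Constructed sample events (not real telemetry). Field names are assumed to
# match Entra ID sign-in logs; APP-A/B/C are placeholder client IDs.
SAMPLE_LOG = """
{"createdDateTime":"2026-04-20T09:00:00Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.7","appId":"APP-A","authenticationProtocol":"deviceCode","isInteractive":true}
{"createdDateTime":"2026-04-20T09:04:00Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.7","appId":"APP-B","authenticationProtocol":"none","isInteractive":false}
{"createdDateTime":"2026-04-20T09:09:00Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.7","appId":"APP-C","authenticationProtocol":"none","isInteractive":false}
{"createdDateTime":"2026-04-20T10:00:00Z","userPrincipalName":"bob@example.com","ipAddress":"198.51.100.5","appId":"APP-A","authenticationProtocol":"deviceCode","isInteractive":true}
{"createdDateTime":"2026-04-20T11:30:00Z","userPrincipalName":"carol@example.com","ipAddress":"192.0.2.9","appId":"APP-A","authenticationProtocol":"authorizationCode","isInteractive":true}
"""


def parse_events(text):
    """Parse one JSON object per line and sort by timestamp."""
    events = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00"))
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def find_device_code_pivots(events, window=WINDOW):
    """Return {(user, ip): [client IDs]} for every device-code sign-in; the list
    grows with each distinct client ID that redeems a token non-interactively
    from the same user and IP within `window`. More than one entry = pivot."""
    findings = {}
    for i, ev in enumerate(events):
        if ev["authenticationProtocol"] != "deviceCode":
            continue
        key = (ev["userPrincipalName"], ev["ipAddress"])
        apps = [ev["appId"]]
        for later in events[i + 1:]:
            if later["ts"] - ev["ts"] > window:
                break  # events are sorted, so nothing later is in the window
            same_actor = (later["userPrincipalName"], later["ipAddress"]) == key
            if same_actor and not later["isInteractive"] and later["appId"] not in apps:
                apps.append(later["appId"])
        findings[key] = apps
    return findings


if __name__ == "__main__":
    for (user, ip), apps in find_device_code_pivots(parse_events(SAMPLE_LOG)).items():
        label = "PIVOT" if len(apps) > 1 else "device-code sign-in"
        print(f"{label}: {user} from {ip} -> {apps}")
```

Only alice's session shows the pivot pattern; bob's lone device-code sign-in is still worth a look, since the pulse notes the flow is used legitimately and the signal is who initiated it.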
So you're telling me the powers that be engineered the world economy to only function through infinite growth and the only way to do partial resets so it doesn't entirely collapse is to have gigantic wars?

Trump is going to nuke Iran for sure.

He can get away with it, nobody will stop him, and nobody will retaliate on a nuclear level either.

If the Epstein Files couldn't bring Trump down, using a nuke certainly won't either.

CROW FRIENDS UPDATE:

King Shit landed on my hand 6x today, AND, another bird _almost_ took a peanut off the top of my head while hovering above as I sat cross-legged.

I think maybe ~2-3 months and they may be sitting on my head.

CROW FRIENDS UPDATE - KING SHIT PERCHED ON MY HAND AND ON MY ARM TODAY

CROW FRIENDS UPDATE - The crow I call "King Shit" that has been jumping onto my knee for cashews? That same crow _refused cashew from the hand today_ and waited until I put it on my knee so he could jump on it and take it - and did so four more times.

BLOODHOUNDS (Netflix) s01e01 - this Korean gangster drama features a hacking scene with a mobile device implant. The C2 server control panel is shown, with HTTP 200 status codes as the victim accesses - they had good consultants for this show #infosec

RE: https://mastodon.social/@panther_modern/116322970575031110

More good news, everyone!

"North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack"

https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package