
Device Code, OAuth, PhaaS: How Session Token Theft is Breaking the Phishing Playbook
From ShadowTalk: Powered by ReliaQuest by ReliaQuest
May 27, 2026 · 29 min
About this episode
The episode discusses how session token theft is undermining traditional phishing defenses.
Your user clicked a link, landed on a real Microsoft login page, typed their password, completed MFA, and walked away thinking nothing happened. Somewhere across the internet, an attacker's device just received an authenticated session token. The password is irrelevant. The MFA prompt already fired and passed. With PhaaS platforms now converging on token-theft tradecraft and post-compromise automation executing in seconds, defenders are racing a scripted attacker with a manual playbook. Join ...
Topics covered
- session token theft
- phishing
- cybersecurity
- MFA
- PhaaS
- token-theft tradecraft
Keywords
- session token
- phishing
- MFA
- PhaaS
- cybersecurity
- token theft
- authentication
Mentioned in this episode
Organizations: Microsoft, PhaaS
Products: MFA
More episodes of ShadowTalk: Powered by ReliaQuest
- China-Linked Cyber Espionage: How OP-512 Exploited Legacy IIS Servers and Evaded Detection · June 10, 2026 · 23 min
- SonicWall, MFA Bypass, IABs: Why Patched Devices Are Still Handing Attackers Initial Access · June 3, 2026 · 21 min
- SQLite, Mistral, OpenAI: How AI Attacks Are Reshaping the Attack Surface · May 20, 2026 · 20 min
- Canvas, Trellix, Mini Shai-Hulud: How Defenders Respond When Supply Chain Attacks Become Weekly · May 14, 2026 · 32 min
- Akira, ShinyHunters, and The Gentlemen: Extortion Lessons From Early 2026 · May 6, 2026 · 35 min
- What Happened to Black Basta's Playbook? The Automated Teams Phishing Threat Hitting Executives · April 29, 2026 · 27 min
Explore listener stats, chart rankings, contacts and more on the ShadowTalk: Powered by ReliaQuest podcast page.