Fortra

CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions

2 minute read

Security
Phishing Scam
Scams and Fraud

CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions

Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts.

byDeeba Ahmed

May 15, 2026

Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems

3 minute read

Security

Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems

Urgent warning for Fortra GoAnywhere MFT users. A CVSS 10.0 deserialization vulnerability (CVE-2025-10035) in the License Servlet allows command injection. Patch to v7.8.4 immediately to prevent system takeover.

byDeeba Ahmed

September 25, 2025

The Latest

10 Top OSINT Tools Every Investigator Should Know in 2026

New Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords

10 Tips for Phrasing Employee Feedback in Reviews

Government Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign

Fortra

CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions

Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems

Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program

LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations

Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations

Brinker Introduces a Novel Approach to Deepfake Detection

BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation