Security Weekly Podcast Network (Video) DexterBot, Darksword, Eviltokens, Tubular Bells, Claude, Drift, Gmail, Josh Marpet... - SWN #569
Apr 3, 2026
Coverage of a new iOS patch for Darksword spyware and a deep dive into EvilTokens stealing OAuth identities. Discussion of a Microsoft 365 campaign using QR and device-code attacks to bypass MFA. Reports on a massive Drift DeFi heist tied to North Korean actors and complex supply-chain attacks on NPM. Notes on Gmail allowing address changes and LLMs resisting deletion.
AI Snips
Upgrade Identity Practices To Defeat Token Thefts
- Move beyond legacy identity patterns because phishing plus token theft neutralizes typical MFA and login prompts.
- Re-evaluate authentication flows and consider stronger identity models to counter AITM and device-code abuses.
Phishing Campaigns Now Break Microsoft MFA
- A spear-phishing campaign targeted Microsoft 365 logins using HTML QR codes and AITM techniques to bypass MFA.
- Attackers register new MFA devices or use device-code flows to seize account access and replace victims' MFA.
Criminals Offer Full-Service Attack Platforms
- Venom is a full-service criminal offering that automates device-code and AITM attacks with dashboards and support.
- Such commoditization lowers the barrier to entry for attackers and professionalizes account compromise operations.
