CVE Tools
Back to feed
Cisco Talos ·EN Vendor research

Catan and Mouse

By William Largent··5 min read
CVE Tools coverage

Cisco Talos highlights ARToken, a phishing-as-a-service operator panel for Microsoft 365 focused on device code phishing, Primary Refresh Token (PRT) persistence, email access/BEC operations, and SharePoint exfiltration—capabilities exposed through 80+ API endpoints. Separately, Talos notes that a recently reported authentication bypass in SimpleHelp remote monitoring and management (RMM), tracked as CVE-2026-48558, has been exploited in the wild to obtain a fully authenticated technician session for malware delivery. These findings matter because they indicate both increasing maturity in credential/theft-driven phishing tooling and active exploitation of authentication weaknesses.

Thursday, July 2, 2026 14:00

Welcome to this week’s edition of the Threat Source newsletter.  

“I do not know everything; still many things I understand.”
― Madeleine L'Engle, A Wrinkle in Time

“Don't try to comprehend with your mind. Your minds are very limited. Use your intuition.”
― Madeleine L'Engle, A Wind in the Door…

Continue reading on Cisco Talos