Red TeamThreat TrendsMar 28, 20267 min read

Open Redirect Chains Still Enable Credential Theft at Scale

Defenders can limit impact by tightening redirect governance and expanding URL detonation context in triage.

By Rachel Okafor

Trend Snapshot

Despite years of awareness, open redirects remain embedded in phishing delivery chains. Campaign operators leverage trusted brand domains as initial click points, then hand off users to credential collection pages through multiple redirect hops.

Why Defenders Care

Blue teams that inspect complete URL chains observed more consistent detection outcomes than those evaluating only first-hop domains. Redirect-aware telemetry also improved retrospective hunt quality.

Adversary Playbook

Application security teams play a direct role in phishing resilience by reducing exploitable redirect endpoints. Shared ownership between AppSec and SOC functions lowered campaign success in organizations that treated redirect abuse as a defensive priority.

Defender Takeaway

Audit and remediate open redirects as part of phishing defense, and enrich triage with full redirect-chain context.

Dissecting Sapphire Sleet's macOS intrusion from lure to compromiseMicrosoft Security Blog

Field Analysis

Red TeamThreat TrendsApr 24, 20269 min read

Approval Fatigue Becomes the New Credential Theft Front Door

Attackers are blending push prompts, urgent collaboration lures, and identity fatigue to move users from suspicion to accidental approval.

By Jonah Patel

Field Analysis

Red TeamThreat TrendsApr 19, 20268 min read

Credential Harvesting Kits Adopt Device-Bound Session Replay Tactics

New phishing kits are pivoting from simple password theft to real-time token capture and replay workflows targeting modern MFA deployments.

By Jonah Patel

Trend Snapshot

Why Defenders Care

Adversary Playbook

Defender Takeaway

Read More

Share

Related Coverage