Chrome's Device Bound Session Credentials, now generally available and on by default for Workspace, bind session cookies to a private key held in the device's TPM (or equivalent hardware-backed key store), so a stolen cookie is useless off the machine it came from. Here is what it stops and what it does not.
Read more: Google Security Blog, BleepingComputer
By PhishPond Desk
GitHub's staged publishing and new npm install-source controls give maintainers practical ways to slow compromised CI/CD paths before a malicious package becomes installable.
Read more: GitHub Changelog, CISA
By PhishPond Desk
A static permission review cannot catch a trusted integration whose token is later stolen or whose behavior changes.
Read more: The Hacker News, Microsoft Learn
By PhishPond Desk
Restricting new consent is only half the work. Existing app grants need review, ownership, and a path to removal when risk changes.
Read more: Microsoft Learn, Microsoft Learn
By PhishPond Desk
The Salesloft Drift incident showed how a trusted integration token can become an access path into customer SaaS data without a fresh user login.
Read more: The Hacker News, The Hacker News
By PhishPond Desk
Persistent OAuth grants let third-party apps keep operating after the original login, password reset, or employee lifecycle event has faded from view.
Read more: The Hacker News, Microsoft Learn
By PhishPond Desk
AitM kits proxy a real identity provider page, so brand and URL checks fail. The detectable artifacts live one layer down - in TLS handshake fingerprints, in the cookies the proxy must rewrite, and in the small page-side tells that betray the relay.
Read more: Sekoia, Microsoft Threat Intelligence
By PhishPond Desk
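The handshake-level artifacts this item points at, as an added detection example that is not code from the linked articles: it runs two checks over constructed identity-provider sign-in records, a User-Agent/TLS-fingerprint mismatch (the proxy's own TLS stack talking to the IdP while relaying the victim's browser UA) and a same-session fingerprint pivot (the captured cookie replayed from the operator's browser). The JA4 values, the log schema and the sample addresses are assumptions.

```python
"""Added example: flag AitM relay artifacts in IdP sign-in telemetry.

Two checks over constructed JSON log lines (not real data):
  1. UA/TLS mismatch: the User-Agent claims a mainstream browser, but the
     JA4 fingerprint of the TLS handshake is not one seen from real browsers.
  2. Session pivot: shortly after authentication the same session is used
     from a different TLS fingerprint or source address.
The JA4 values are placeholders, not a published fingerprint list.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import json

# Assumed baseline of JA4 fingerprints observed from managed browsers
# (placeholder strings; build the real table from your own telemetry).
BROWSER_JA4 = {
    "t13d1516h2_8daaf6152771_e5627efa2ab5": "chrome",
    "t13d1715h2_5b57614c22b0_3d5424432f57": "firefox",
}
BROWSER_UA_MARKERS = ("Chrome/", "Firefox/", "Safari/", "Edg/")


@dataclass
class Event:
    ts: datetime
    user: str
    session_id: str
    src_ip: str
    ja4: str
    user_agent: str
    action: str  # "auth" (credential/MFA step) or "token_use"


def parse(line: str) -> Event:
    d = json.loads(line)
    return Event(datetime.fromisoformat(d["ts"]), d["user"], d["session_id"],
                 d["src_ip"], d["ja4"], d["user_agent"], d["action"])


def ua_tls_mismatch(ev: Event) -> bool:
    """True when the UA says 'browser' but the handshake does not."""
    claims_browser = any(m in ev.user_agent for m in BROWSER_UA_MARKERS)
    return claims_browser and ev.ja4 not in BROWSER_JA4


def session_pivots(events, window=timedelta(minutes=30)):
    """Same session reused from another TLS stack or IP soon after auth."""
    by_session = defaultdict(list)
    for e in events:
        by_session[e.session_id].append(e)
    findings = []
    for sid, evs in by_session.items():
        evs.sort(key=lambda e: e.ts)
        auth = next((e for e in evs if e.action == "auth"), None)
        if auth is None:
            continue
        for e in evs:
            if e.action == "auth" or e.ts - auth.ts > window:
                continue
            if e.ja4 != auth.ja4:
                sev = "high"      # different TLS stack: strong replay signal
            elif e.src_ip != auth.src_ip:
                sev = "low"       # IP-only change is common on mobile networks
            else:
                continue
            findings.append({"type": "session_pivot", "severity": sev,
                             "user": e.user, "session_id": sid,
                             "from": (auth.src_ip, auth.ja4),
                             "to": (e.src_ip, e.ja4)})
    return findings


def detect(lines):
    events = [parse(l) for l in lines if l.strip()]
    findings = [{"type": "ua_tls_mismatch", "severity": "medium", "user": e.user,
                 "session_id": e.session_id, "ja4": e.ja4}
                for e in events if ua_tls_mismatch(e)]
    return findings + session_pivots(events)


CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")
FIREFOX_UA = "Mozilla/5.0 (Windows NT 10.0; rv:121.0) Gecko/20100101 Firefox/121.0"

# Constructed sample telemetry: RFC 5737 addresses, placeholder fingerprints.
# s1: a proxy authenticates with a non-browser stack, the operator replays 4 min later.
# s2: an ordinary Firefox session.
SAMPLE_LOG = [
    json.dumps({"ts": "2025-01-15T09:00:00", "user": "alice@example.com", "session_id": "s1",
                "src_ip": "203.0.113.10", "ja4": "t13d1311h2_1a2b3c4d5e6f_0f1e2d3c4b5a",
                "user_agent": CHROME_UA, "action": "auth"}),
    json.dumps({"ts": "2025-01-15T09:04:00", "user": "alice@example.com", "session_id": "s1",
                "src_ip": "198.51.100.7", "ja4": "t13d1516h2_8daaf6152771_e5627efa2ab5",
                "user_agent": CHROME_UA, "action": "token_use"}),
    json.dumps({"ts": "2025-01-15T09:10:00", "user": "bob@example.com", "session_id": "s2",
                "src_ip": "192.0.2.5", "ja4": "t13d1715h2_5b57614c22b0_3d5424432f57",
                "user_agent": FIREFOX_UA, "action": "auth"}),
    json.dumps({"ts": "2025-01-15T09:12:00", "user": "bob@example.com", "session_id": "s2",
                "src_ip": "192.0.2.5", "ja4": "t13d1715h2_5b57614c22b0_3d5424432f57",
                "user_agent": FIREFOX_UA, "action": "token_use"}),
]

if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f)
```

The fingerprint allow-list is the weak point in practice: browsers change their ClientHello with every release, so it has to be rebuilt from baseline telemetry rather than hard-coded, and an IP-only pivot is kept at low severity because roaming users trigger it constantly.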
Enterprise identity teams are treating phishing-resistant authentication as an operating control, not a future-state roadmap item.
Read more: BleepingComputer, BleepingComputer
By PhishPond Desk
Most M365 phishing incidents are decided in the first hour. This walkthrough lays out a 60-minute response chain from user report to refresh-token revocation and consent reversal.
Read more: Microsoft Learn, Microsoft Threat Intelligence
By PhishPond Desk
QR-based payload delivery continues to evade static scanning workflows and pushes users toward unmanaged mobile browsing paths.
Read more: Microsoft Security Blog
By PhishPond Desk
Detection teams are reducing alert fatigue by combining message artifacts with identity and endpoint context in tiered scoring pipelines.
Read more: Microsoft Security Blog, CISA
By PhishPond Desk
Investigators report a rise in hidden forwarding and deletion rules used to suppress fraud conversations after initial compromise.
Read more: BleepingComputer
By PhishPond Desk
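The first-hour response chain (refresh-token revocation and consent reversal), the removal path for existing app grants, and the hidden forwarding and deletion rules from the items above, combined into one added example that is not code from the linked articles. It triages inbox rules offline for post-compromise patterns and assembles the Microsoft Graph calls in the order a responder would send them. The tenant domain, the grant and rule JSON and the object ids are constructed, and the Graph permissions named are those the endpoints require when called as an application.

```python
"""Added example: first-hour containment of a phished Microsoft 365 account
through Microsoft Graph.

Chain: revoke refresh tokens -> remove the OAuth2 consent grants the user
granted for themselves -> delete inbox rules that forward, delete or hide
mail -> optionally disable the account. The grant and rule JSON below is
constructed to look like Graph responses; none of it is real tenant data.
Executing the plan needs an app token with User.RevokeSessions.All,
DelegatedPermissionGrant.ReadWrite.All and MailboxSettings.ReadWrite.
"""
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
TENANT_DOMAINS = {"example.com"}   # assumed accepted domains of the tenant
BEC_KEYWORDS = {"invoice", "payment", "wire", "fraud", "phish", "password"}


def _addresses(recipients):
    return [r.get("emailAddress", {}).get("address", "").lower() for r in recipients or []]


def triage_inbox_rules(rules):
    """Return [(rule_id, reasons)] for enabled rules with a suppressive action."""
    flagged = []
    for rule in rules:
        if not rule.get("isEnabled", True):
            continue
        a, c = rule.get("actions", {}), rule.get("conditions", {})
        reasons = []
        outbound = (_addresses(a.get("forwardTo")) + _addresses(a.get("redirectTo"))
                    + _addresses(a.get("forwardAsAttachmentTo")))
        external = [x for x in outbound if x.split("@")[-1] not in TENANT_DOMAINS]
        if external:
            reasons.append("forwards externally to " + ", ".join(external))
        if a.get("delete") or a.get("permanentDelete"):
            reasons.append("deletes matching mail")
        if a.get("moveToFolder") and a.get("markAsRead"):
            reasons.append("moves and marks read (hides the conversation)")
        if not reasons:
            continue  # a plain move-to-folder rule is ordinary user behaviour
        # Corroborating evidence only: BEC keyword filters and blank/dot names.
        words = {w.lower() for k in ("subjectContains", "bodyContains", "bodyOrSubjectContains")
                 for w in c.get(k, [])}
        if words & BEC_KEYWORDS:
            reasons.append("filters on " + ", ".join(sorted(words & BEC_KEYWORDS)))
        if not rule.get("displayName", "").strip(". "):
            reasons.append("blank or dot-only rule name")
        flagged.append((rule["id"], reasons))
    return flagged


def select_user_grants(grants, user_oid):
    """Keep delegated grants the user consented to; leave tenant-wide admin consent alone."""
    return [g for g in grants
            if g.get("consentType") == "Principal" and g.get("principalId") == user_oid]


def build_containment_plan(user_oid, grants, flagged_rules, disable_account=False):
    """Ordered Graph calls as (method, url, json_body). Revocation goes first."""
    plan = [("POST", f"{GRAPH}/users/{user_oid}/revokeSignInSessions", None)]
    plan += [("DELETE", f"{GRAPH}/oauth2PermissionGrants/{g['id']}", None) for g in grants]
    plan += [("DELETE", f"{GRAPH}/users/{user_oid}/mailFolders/inbox/messageRules/{rid}", None)
             for rid, _ in flagged_rules]
    if disable_account:
        plan.append(("PATCH", f"{GRAPH}/users/{user_oid}", {"accountEnabled": False}))
    return plan


def execute(plan, access_token):
    """Send the plan. Caveat: revokeSignInSessions invalidates refresh tokens and
    browser sessions; access tokens already issued stay valid until they expire."""
    for method, url, body in plan:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(url, data=data, method=method, headers={
            "Authorization": f"Bearer {access_token}", "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            print(method, url, resp.status)


# Constructed sample data shaped like Graph responses (ids are placeholders).
USER_OID = "00000000-0000-0000-0000-000000000001"
SAMPLE_GRANTS = [
    {"id": "grant-1", "clientId": "sp-mailreader", "consentType": "Principal",
     "principalId": USER_OID, "scope": "Mail.Read offline_access"},
    {"id": "grant-2", "clientId": "sp-corp-app", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read"},
]
SAMPLE_RULES = [
    {"id": "r1", "displayName": ".", "isEnabled": True,
     "conditions": {"subjectContains": ["invoice", "payment"]},
     "actions": {"moveToFolder": "folder-id-placeholder", "markAsRead": True, "stopProcessingRules": True}},
    {"id": "r2", "displayName": "Backup", "isEnabled": True, "conditions": {},
     "actions": {"forwardTo": [{"emailAddress": {"address": "drop@example.net"}}]}},
    {"id": "r3", "displayName": "Newsletters", "isEnabled": True,
     "conditions": {"senderContains": ["news"]}, "actions": {"moveToFolder": "folder-id-placeholder"}},
    {"id": "r4", "displayName": "", "isEnabled": True,
     "conditions": {"bodyContains": ["wire"]}, "actions": {"delete": True}},
    {"id": "r5", "displayName": "old", "isEnabled": False, "actions": {"delete": True}},
]

if __name__ == "__main__":
    flagged = triage_inbox_rules(SAMPLE_RULES)
    plan = build_containment_plan(USER_OID, select_user_grants(SAMPLE_GRANTS, USER_OID), flagged)
    for step in plan:
        print(*step[:2])
    # execute(plan, access_token)  # run once a token is in hand
```

Two design choices worth noting: only grants with consentType Principal for this user are deleted, since a tenant-wide admin consent is not the compromised user's to lose, and a rule that merely moves mail to a folder is not flagged on its own, so the triage output stays short enough to act on inside the hour.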