惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Exploit Database - CXSecurity.com
V
Vulnerabilities – Threatpost
Google DeepMind News
Google DeepMind News
Attack and Defense Labs
Attack and Defense Labs
Webroot Blog
Webroot Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
TaoSecurity Blog
TaoSecurity Blog
I
Intezer
Application and Cybersecurity Blog
Application and Cybersecurity Blog
N
News | PayPal Newsroom
S
Security Affairs
T
Tor Project blog
P
Proofpoint News Feed
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Security @ Cisco Blogs
H
Heimdal Security Blog
Hacker News: Ask HN
Hacker News: Ask HN
Help Net Security
Help Net Security
U
Unit 42
云风的 BLOG
云风的 BLOG
The Hacker News
The Hacker News
Cisco Talos Blog
Cisco Talos Blog
量子位
F
Full Disclosure
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 叶小钗
有赞技术团队
有赞技术团队
T
Troy Hunt's Blog
P
Privacy & Cybersecurity Law Blog
Forbes - Security
Forbes - Security
人人都是产品经理
人人都是产品经理
L
Lohrmann on Cybersecurity
Apple Machine Learning Research
Apple Machine Learning Research
Microsoft Security Blog
Microsoft Security Blog
博客园 - Franky
腾讯CDC
AI
AI
Last Week in AI
Last Week in AI
Latest news
Latest news
Google Online Security Blog
Google Online Security Blog
N
Netflix TechBlog - Medium
Engineering at Meta
Engineering at Meta
GbyAI
GbyAI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
IT之家
IT之家
Martin Fowler
Martin Fowler
Blog — PlanetScale
Blog — PlanetScale
V2EX - 技术
V2EX - 技术
酷 壳 – CoolShell
酷 壳 – CoolShell

Forbes - Innovation

2 Personality Traits That Make Self-Control Easier, By A Psychologist Why Do Humans Have Fingerprints? Hint: It’s Not What You Think Booking.com Confirms Data Breach, Reservation PIN Codes Changed Why Major News Sites Are Blocking The Internet Archive’s Wayback Machine iPhone Fold Release Date: New Report Details Frustrating Apple News Comet Tracker: How To See Pan-STARRS And Three Planets On Wednesday NYT Mini Crossword Today: Tuesday, April 14 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Tuesday, April 14 (It’s A Little Unclear) Today’s Wordle #1760 Hints And Answer For Tuesday, April 14 Most Of The Microplastics In Urban Air Come From Tires Today’s Wordle #1759 Hints And Answer For Monday, April 13 NYT Mini Crossword Today: Monday, April 13 Hints And Answers NYT Pips Today: Hints, Answers And Walkthrough For Monday, April 13 The YC Chief Who Codes 10,000 Lines A Day Has A Simple Secret Samsung Expands One UI 8.5 Beta To More Galaxy Owners Why You Should Stop Using Your iPhone If It’s On This List Chamath Says Firms That Treat AI As A Strategy Hand Rivals Their Edge 3 Unexpected Habits Of Secure Couples, By A Psychologist The First Lamp That Folds Your Clothes Samsung’s Disappointing Price Update For Galaxy Phone Buyers 3 Subtle Signs Someone Is Falling In Love With You, By A Psychologist Do Mantis Shrimp See More Colors Than Humans? A Biologist Explains NYT Connections Answers Explained For Monday, April 13 (#1,037) NYT Connections Hints Today: Monday, April 13 Clues And Answers (#1,037) LEGO Luigi & Mach 8 (72050) Review: 2026’s Best Set Yet? Marc Andreessen Says AI Productivity Will Trigger A Hiring Boom 3D Printing Is The Ultimate Hack To Reduce Household Spending Apple iPhone Fold: Striking Design Revealed In Leaked Photos Apple Smart Glasses: New Leak Reveals A Major Design Twist To Beat Meta Tested: The AI Coming To The Rivian R2 Quordle Hints Today: Monday, April 13 Clues And Answers Companies And H-1B Employees Endure Immigration Waits At Consulates 3 Easy Ways To Turn Anxiety Into Sustained Focus, By A Psychologist Here’s The Most Affordable Humanoid Robot You Can Buy Now UFC 327 Results: 5 Biggest Takeaways From A Wild Night In Miami UFC 327 Results, Bonus Winners, Highlights And Reactions Dana White Announces Huge New Fight For UFC White House Today’s NYT Strands Hints, Spangram, Answers: Sunday, April 12 (Get Ready) Tesla ‘Model 2’ Rises From The Ashes Today’s Wordle #1758 Hints And Answer For Sunday, April 12 NYT Pips Today: Hints, Answers And Walkthrough For Sunday, April 12 Tyson Fury Vs. Arslanbek Mahkmudov Results: Highlights and Reaction NYT Mini Crossword Today: Sunday, April 12 Hints And Answers How Shadow AI Culture Is Destroying Your Business Venture Capital Funds That Market Like Startups Win More Deals Conor Benn Vs. Regis Prograis Results: Highlights and Reaction Samsung’s Disappointing Price Update For Galaxy Phone Buyers Artemis Reached The Moon. The Grid Can Reach The 21st Century A Biologist Explains How Archerfish Shoot Down Prey. Hint: Their Aim Rivals Human Throwing Is It Time For Apple To Forget About The MacBook Air NYT Connections Hints Today: Sunday, April 12 Clues And Answers (#1036) Trump’s 2027 Budget To Reshape U.S. Environmental And Energy Policy CDC Delays Reporting Of COVID-19 Vaccine Benefits—Here’s What To Know Oura Has Designed A Solution To A Big Smart Ring Problem Netflix’s Best New Show Has A Near-Perfect 95% Rotten Tomatoes Score Coachella 2026 Is Being Taken Over By Creator Streams Quordle Hints Today: Sunday, April 12 Clues And Answers This Startup Wants To Use AI To Help Digitize History How To Get The Best Shield In ‘Crimson Desert’ ‘Maul: Shadow Lord’ Sets Even More Star Wars Rotten Tomatoes Records 3 Ways Happy Couples Argue Differently, By A Psychologist Success For Leapmotor Might Have Negatives For Stellantis New Names Surface As Potential Rogue And Wonder Woman In The MCU And DCU 4 Reasons Artemis Mission Matters Even If You Think It Is Wasteful Fast ‘Crimson Desert’ Patch Adds New Moves, Shield Hiding And One Great Feature Why Do Humans Blush? An Evolutionary Biologist Explains The Signal We Can’t Control Apple iPhone Fold: Striking Design Revealed In Leaked Photos Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update iOS 26.4.1 Release: Crucial iPhone Feature Update Arrives, But No Security Fix Fury vs. Makhmudov Full Card, Ring Walk Times and How to Watch Can’t Stand Liquid Glass? This New Hidden iPhone Setting Is A Game-Changer Test-Driving The 2026 Changan Deepal S05: Italian Style Made In China NSA Warning—Reboot Your Internet Router Now Ways That Human-AI Collaboration Slides People Into ‘AI Brain Fry’ And Cognitive Downturns Stop Using These Networks—Google, NSA And TSA Warn NASA Changes Moon Plan: Landing Now Depends On SpaceX Or Blue Origin Samsung Expands One UI 8.5 Beta To More Galaxy Owners The Evolution Of Programmable Hardware At Xilinx NYT Mini Today: Saturday, April 11 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Saturday, April 11 (You’re Putting Me On) Splashdown! NASA’s Artemis II Returns To Earth After Moon Mission Attention Is All You Need. The Human Kind Is Still The One That Counts Today’s Wordle #1757 Hints And Answer For Saturday, April 11 NYT Pips Today: Hints, Answers And Walkthrough For Saturday, April 11 Android Circuit: Galaxy S27 Pro Emerges, Honor 600 Pre-Order Offers, Pixel 11 Display Leaks Apple Loop: iPhone 18 Pro Leak, Urgent iOS Update, MacBook Neo Issues Morgan Stanley Has Mostly Positive Outlook On Tesla Robotaxi, FSD V15 Running Out Of AI Tokens Faster Than Ever? Here’s Why CoreWeave Shares Pop 13% After Anthropic Deal ‘Euphoria’ Season 3’s Rotten Tomatoes Score Crashes, Has Lost Key Player People Don’t Agree On What AI Can Do, But They Don’t Even Use The Same Product ‘Overwhelming’—Google Issues Gemini Update For Gmail Users NYT Connections Hints Today: Saturday, April 11 Clues And Answers (#1035) Quordle Hints Today: Saturday, April 11 Clues And Answers The Costly Dream Of Space-Based AI Infrastructure Can You See The Watcher In This ‘Daredevil: Born Again’ Shot? Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update You Just Watched The Backdoor Pilot For ‘The Pitt: Night Shift’ Are Nicotine Pouches Like Zyn And VELO Safe To Use? A Doctor Answers Human Resources (HR) Is The Key To AI Success Per WalkMe ( SAP)
Microsoft Venom Attack Targets C-Suite Executives
Davey Winder · 2026-04-11 · via Forbes - Innovation
King cobra snake attack and skull isolated on green background.

Company executives warned of Microsoft Venom attacks.

getty

As if life in the C-Suite wasn’t stressful enough, it has now been confirmed that chief executive officers, chief financial officers and vice president-level executives have been targeted since November 2025 by a previously undocumented Microsoft SharePoint-exploiting attack platform called Venom. These attacks have not harvested their targets randomly; rather, victims across at least 20 industry verticals have been selected by name. Here’s what you need to know about Venom, which, threat intelligence analysts said, “operates through a rotating pool of compromised business email accounts.”

ForbesAdobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update

C-Suite Attack Warning—Venom Unleashed Using Microsoft SharePoint Notifications

It is not unusual, truth be told, for threat actors to target senior executives, including C-suite members, in attacks. I mean, if you can compromise an account belonging to one of the top dogs, you will likely have hit very valuable data pay dirt. Nor, for that matter, is it unusual for phishing to be a primary route to such compromise. Researchers at BlackFog were first to publish a report on the Venom stealer platform. But what makes Venom technically distinct, according to the threat intelligence experts at Abnormal AI who have analyzed it in depth, is everything from “an email engineered to defeat every layer of automated analysis, to a credential harvester that enrolls an attacker-controlled MFA device before the target’s browser has moved on.” This phishing-as-a-service platform, hired out to paying criminal customers, although not appearing to be advertised in any open seller criminal marketplaces or underground forums, impersonates Microsoft SharePoint document-sharing notifications and targets C-Suite members by name. That Venom is, it would seem, a closed-access platform that is only being distributed through highly vetted criminal channels, only serves to make it all the more concerning.

Like most phishing attacks, Venom operators begin with an email. A highly-targeted one, addressing C-Suite victims by name, and delivered by way of a rotating pool of compromised business email accounts. While impersonating a SharePoint document-sharing notification, the email purports to be an internal company alert from the SharePoint environment and includes a QR code for scanning to gain access.

Venom attack QR code.

Abnormal AI

Abnormal AI’s report explained that personalization is one layer of the email’s design, but it also employs others to evade detection. “To evade signature-based detection, every email contains throwaway HTML elements whose values are randomized on each send,” the report confirmed, “ensuring no two emails produce the same hash or string match.” There’s even an entirely fake email message thread included below the visible lure. “The thread is built around the target,” the report continued, “their email prefix is parsed into a display name, placed in the ‘From’ field of each message, and accompanied by a generated signature block containing their name, a fabricated phone number, their real email address, and their real company website.” A randomly-generated persona is the supposed correspondent, while message bodies are created using meeting proposal, business dissolution request or fake financial table templates. Not only is this a way of fooling the recipient into thinking the email is genuine, but it also fools spam classifiers. For all intents and purposes, the email is a perfectly legitimate corporate communication.

The QR code, if the victim is determined not to be a bot or malware detector, leads to a credential harvesting page which can present “their organization's logo, their own email address pre-filled, and if their account is federated, their actual IdP login page rather than a generic Microsoft form,” the analysis warned, adding “The experience is indistinguishable from a genuine sign-in because it is, in every visible respect, genuine.” When in Device Code mode, Abnormal Ai went on to confirm, the victim doesn’t even see a login form at all, but rather something purporting to be a Docusign notification. Copy a code, click through to Microsoft and approve the apparently routine device sign-in request. “That approval is the attack,” the Abnormal AI said, “.Microsoft authenticates the target against its own infrastructure and delivers the resulting access and refresh tokens directly to the attacker's polling backend.’ Which means, ultimately, that there is no credential form to detect, no proxy to identify, and no MFA to intercept. Genius. Evil genius.

ForbesAngry Hacker Drops Microsoft Zero-Day Exploit, 1 Billion Users WarnedBy Davey Winder

“Once a cookie session is stolen,” Brian Bell, CEO of FusionAuth, said, “MFA becomes irrelevant. No password, no second factor–just a valid session your system already trusts.” If you’re not enforcing continuous validation, short-lived sessions, device context, and real-time revocation, Bell advised, attackers won’t need to break in as they will already be inside. “Venom makes one thing clear: credential rotation is not a recovery strategy. If the attacker is still on the endpoint, you’re just handing them new keys.” Identity infrastructure can no longer be about recovering from a breach, but rather must be about operating securely during a breach “through short-lived, tightly scoped tokens and continuous validation,” Bell concluded, “without that, organizations are not actually removing the risk.”

Now you know about Venom and the Microsoft SharePoint lure, so make sure to act accordingly if you get one.