ShadowTalk: Powered by ReliaQuest

Device Code, OAuth, PhaaS: How Session Token Theft is Breaking the Phishing Playbook

May 27, 2026·29 min
Episode Description from the Publisher

Your user clicked a link, landed on a real Microsoft login page, typed their password, completed MFA, and walked away thinking nothing happened. Somewhere across the internet, an attacker's device just received an authenticated session token. The password is irrelevant. The MFA prompt already fired and passed. With PhaaS platforms now converging on token-theft tradecraft and post-compromise automation executing in seconds, defenders are racing a scripted attacker with a manual playbook. Join ...

Podzilla Summary coming soon

Sign up to get notified when the full AI-powered summary is ready.

Get Free Summaries →

Free forever for up to 3 podcasts. No credit card required.

Listen to This Episode

Apple Podcasts

More from ShadowTalk: Powered by ReliaQuest

SonicWall, MFA Bypass, IABs: Why Patched Devices Are Still Handing Attackers Initial Access

June 3, 2026·20 min

SQLite, Mistral, OpenAI: How AI Attacks Are Reshaping the Attack Surface

May 20, 2026·19 min

Canvas, Trellix, Mini Shai-Hulud: How Defenders Respond When Supply Chain Attacks Become Weekly

May 13, 2026·31 min

Akira, ShinyHunters, and The Gentlemen: Extortion Lessons From Early 2026

May 6, 2026·34 min
View all episodes →

Get summaries like this every morning.

Free AI-powered recaps of ShadowTalk: Powered by ReliaQuest and your other favorite podcasts, delivered to your inbox.

Get Free Summaries →

Free forever for up to 3 podcasts. No credit card required.