Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3871 articles · 169612 vulns · 37/41 feeds (7d)
← Back to list
EST
PRE-CVE

ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365

56% confidence

Description

Cisco Talos identified a fully-featured phishing-as-a-service (PhaaS) operator panel, branded "ARToken," that shares infrastructure, API contracts, and operational patterns with the EvilTokens platform documented by Sekoia and Microsoft in early 2026. The ARToken panel exposes 80+ API endpoints for device code phishing, Primary Refresh Token (PRT) persistence, email access, business email compromise (BEC) operations, and SharePoint exfiltration — all accessible to operators thro

Related News (2 articles)

Tier D
Help Net Security4h ago
The ARToken phishing panel targets Microsoft 365 accounts
→ No new info (linked only)
Tier C
Cisco Talos4h ago
ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365
→ No new info (linked only)
CISA KEV❌ No
Actively exploited❌ No
PublishedJul 1, 2026
Last enriched4h ago
Trending Score31
Source articles2
Independent2
Info Completeness2/14
Missing: cve_id, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Pin to Dashboard

Verification

State: reported
Confidence: 56%

Vulnerability Timeline

CVE Published
Jul 1, 2026
Discovered by ZDM
Jul 1, 2026