Threat actors are achieving high success rates in phishing campaigns by abusing HTTP client tools like Axios and Microsoft Direct Send to bypass security measures. This combination allows for real-time session/MFA token capture and leverages a trusted delivery channel, resulting in a 70% success rate. Advanced PhaaS kits like Salty 2FA further enhance these efforts with sophisticated evasion techniques.
Latest mentioned: 09-09
Earliest mentioned: 09-09