Tag
high
advisory
EvilTokens PhaaS Platform Leverages AI for Device Code Phishing Attacks
2 rules 2 TTPs 2 IOCsThe EvilTokens phishing-as-a-service (PhaaS) platform sold on Telegram is capable of launching device code phishing attacks at scale, leveraging AI to generate convincing and personalized lures, enabling aspiring cybercriminals to bypass traditional security measures, including MFA.
Microsoft 365 +6
phishing
device code phishing
AI
Telegram
2r
2t
2i
medium
advisory
OpenClaw Information Disclosure via Telegram Bot Token Exposure
2 rules 1 CVEOpenClaw before version 2026.3.13 exposes Telegram bot tokens in error messages due to the fetchRemoteMedia function embedding these tokens in MediaFetchError strings when media downloads fail.
information-disclosure
vulnerability
telegram
2r
1c
high
advisory
Suspicious DNS Queries to Telegram API by Non-Telegram Processes
2 rules 2 TTPs 1 IOCDetection of a process making DNS queries to the Telegram API domain, which is indicative of malware utilizing Telegram bots for command and control (C2) communications.
Splunk Enterprise +2
telegram
command-and-control
dns
windows
2r
2t
1i