identity
No malware required: device-code phishing + Teams as the intrusion surface
No malware. Still owned. 🧾🔑💬 Device-code phishing + Teams as the “lobby” + stolen OAuth tokens = API-speed SaaS exfil. If you’re hunting binaries, you’re late.
identity
![[DEEP RESEARCH] Token Factory: The 5 Costliest US Breaches of 2025](/content/images/size/w600/2026/01/z.png)
breaches
[DEEP RESEARCH] Token Factory: The 5 Costliest US Breaches of 2025
2025’s costliest US breaches: identity, outage math, outcomes Identity-led intrusions at distributors, govtech, healthcare, and an appliance vendor drove nine-figure losses. Outage duration and revocation speed determined the spread between disruption and recovery.
![[DEEP RESEARCH] Zero-Days Are a Distraction: 2025’s Biggest Losses Were Stolen Tokens + OAuth](/content/images/size/w600/2025/12/zz-3.png)
sass
[DEEP RESEARCH] Zero-Days Are a Distraction: 2025’s Biggest Losses Were Stolen Tokens + OAuth
Most downtime and spend stemmed from OAuth/SaaS abuse and edge appliances—not catastrophic zero-days. Here’s what drove real operating impact and the fastest ways to shrink it.
oauth
Zero-Days Are a Distraction: 2025’s Biggest Losses Were Stolen Tokens + OAuth
Zero-days get the headlines. Stolen tokens + OAuth consent abuse get the invoices. 🧾🔑😈 2025 pain = AiTM/device-code phishing + token replay + KEV-speed edge fires.