What is VENOM phishing ?

VENOM's a stealth PhaaS kit targeting C-suite Microsoft creds via personalized QR codes in fake SharePoint emails. Active since November, closed-access.

How to protect against VENOM attacks?

Switch to FIDO2 keys, disable device-code auth, tighten conditional access. Train execs on QR risks — no scanning unknowns.

Nope. It proxies MFA, steals tokens. AiTM owns you.

🎯 Threat Intelligence

VENOM Phishing: QR Codes That Hijack C-Suite Microsoft Logins

Phishing was supposed to be dead. Then VENOM showed up, QR-coding its way into exec Microsoft accounts. Buckle up.

theAIcatchup Apr 09, 2026 3 min read

QR code phishing lure impersonating Microsoft SharePoint for VENOM attacks

⚡ Key Takeaways

VENOM uses QR codes and URL fragments to evade detection and target exec Microsoft logins. 𝕏
MFA fails against AiTM and device-code tactics; FIDO2 is essential. 𝕏
Closed-access PhaaS signals sophisticated, spreading threat to C-suites. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#C-suite credential theft #Microsoft phishing #PhaaS attacks #VENOM phishing

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Bleeping Computer

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Microsoft Device Code Phishing Ravages Hundreds Daily

EvilTokens: Phishing's Drag-and-Drop Nightmare for Microsoft Logins

$21 Billion Vanishes: FBI's Grim Cybercrime Tally for 2025

Quantum Encryption's Deadline Just Slipped to 2030

Stay in the loop