1 article
Security researchers published a technical analysis of REMUS, an infostealer-as-a-service platform that has rapidly evolved from simple credential harvesting to session token theft targeting enterprise SaaS applications. REMUS specifically targets Salesforce, Workday, ServiceNow, and Microsoft 365 session cookies to bypass MFA, and has been observed in initial access broker sales followed by ransomware deployments.