Norton A.I CyberSecurity Scoring
Norton
Company Information
Website:http://us.norton.com
Employees number:None
Number of followers:5,510
NAICS:5112
Industry Type:Software Development
Homepage:norton.com
Norton Risk Score (AI oriented)
Between 550 and 599
NortonSoftware Development
Updated:
26/06/2026
26/06/2026
587/1000
Very Poor
Ca
Norton Global Score (TPRM)
xxxx
NortonSoftware Development
Score locked

NortonVery Poor
Current Score
587Ca (VERY POOR)
01000
3 incidents
-88.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
589
JUNE 2026
607
Cyber Attack
26 Jun 2026 • Norton
PayPal, Shopify, McAfee, Norton and Apple: Scammers Abuse Shopify to Send Fake Invoices and Steal Credentials via Fake Support Calls
Scammers Exploit Shopify’s Shop App to Deliver Fake Invoices in Phishing Scheme
587
HIGH-20
NORPAYSHOAPPMCA1782469522
Scammers Exploit Shopify’s Shop App to Deliver Fake Invoices in Phishing Scheme
Security researchers Luis Corrons and Jakub Vavra from Gen have uncovered a rising trend of scammers abusing Shopify’s Shop order-tracking app to distribute fraudulent invoices directly within users’ purchase histories. Unlike traditional email phishing, this tactic leverages in-app social engineering, exploiting trust in a platform typically used for legitimate order tracking.
The scam involves fake receipts appearing in the Shop app, impersonating well-known brands such as Norton, McAfee, Apple, and PayPal. These fraudulent entries often labeled under generic seller names like “My Store” feature high-value items like antivirus subscriptions, smartphones, or gift cards to create urgency. Attackers embed fake support phone numbers in unusual fields, such as product descriptions or shipping addresses, where legitimate receipts would never include them.
When victims call the listed number, the attack escalates into voice phishing (vishing), with scammers posing as customer support to extract sensitive data including login credentials, payment details, or one-time passcodes. Some victims are also tricked into installing remote access software, granting attackers control over their devices.
The Shop app aggregates order data from sources like Gmail, Outlook, and Shop Pay, automatically scanning connected email accounts for shipping-related keywords. While the exact method of injecting fake orders remains unclear, potential vectors include email parsing manipulation, merchant workflow abuse, or loosely validated input fields. Importantly, there is no evidence of a breach in Shopify, the Shop app, or the impersonated brands this is an abuse of legitimate platform features rather than a direct compromise.
This campaign reflects a broader shift in phishing tactics, where attackers exploit contextual trust in familiar digital environments. Similar schemes have been observed in calendar invite scams and collaboration platform abuse, where the delivery channel itself lends credibility to the scam.
The emergence of in-app invoice fraud highlights the growing challenge for cybersecurity defenses, as malicious content becomes harder to detect when embedded within trusted ecosystems.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MAY 2026
603
APRIL 2026
599
MARCH 2026
598
FEBRUARY 2026
595
JANUARY 2026
592
DECEMBER 2025
589
NOVEMBER 2025
742
Breach
28 Nov 2025 • Norton
23andMe Nets Approval for Bankruptcy Plan With Data Breach Deals
23andMe Data Breach and Bankruptcy Settlement
585
CRITICAL-157
23A1764346412
Fallen DNA testing firm 23andMe won court approval of a bankruptcy plan that includes settlements to provide up to $62 million to resolve thousands of data breach claims.
Judge Brian C. Walsh of the US Bankruptcy Court for the Eastern District of Missouri approved the plan in a Wednesday order, overruling most creditor objections and challenges from data breach victims.
Many of those former customers’ objections were deemed moot or premature, and several of them didn’t appear at a court hearing on the plan.
Objections from the Justice Department’s bankruptcy watchdog and a coalition of state attorneys general were resolved ...
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2025
742
SEPTEMBER 2025
741
AUGUST 2025
741
JANUARY 2025
754
Cyber Attack
01 Jan 2025 • Norton
Norton: Hackers Abuse OAuth Device Authorization Flow to Steal Microsoft 365 Tokens
Hackers Exploit Microsoft OAuth Feature in Large-Scale Credential Theft Campaigns
736
HIGH-18
NOR1778862436
Hackers Exploit Microsoft OAuth Feature in Large-Scale Credential Theft Campaigns
Since late 2024, cybercriminals have increasingly abused Microsoft’s OAuth device authorization flow a legitimate authentication feature to steal Microsoft 365 account credentials at scale. This technique, known as device code phishing, has surged in popularity among threat actors, replacing traditional credential-harvesting methods due to its effectiveness and stealth.
### How the Attack Works
The attack exploits the OAuth 2.0 device authorization flow, originally designed for devices with limited input capabilities (e.g., smart TVs or gaming consoles). Hackers generate device codes via Microsoft’s APIs and distribute them through phishing emails containing PDFs, URLs, or QR codes. When victims enter the code on Microsoft’s official device login page, they unknowingly grant attackers full access to their accounts without triggering suspicious login prompts.
Once authenticated, threat actors obtain persistent access tokens, allowing them to maintain control even if the victim changes their password. The entire process occurs on legitimate Microsoft domains, making detection difficult for traditional security tools.
### Widespread Adoption by Threat Actors
Proofpoint researchers first identified the surge in early 2025, documenting hundreds of campaigns targeting organizations across industries. Multiple threat groups, including TA4903, EvilProxy operators, Storm-365, and those using the Kali 365 toolkit, have integrated device code phishing into their operations.
- TA4903 targeted small businesses and government entities, impersonating services like Microsoft, DocuSign, and Norton.
- The Tycoon 2FA phishing kit added device code capabilities, while Russian-linked cybercriminal infrastructure has also adopted the technique.
- The proliferation accelerated after proof-of-concept tools like ClickFix lowered the barrier to entry, enabling even low-skilled attackers to deploy the method.
### Global Impact and Detection Challenges
Device code phishing campaigns have been observed worldwide, with phishing pages localized in multiple languages, including Spanish and German. The attack’s seamless integration with Microsoft’s infrastructure means no red flags appear during authentication, making it particularly deceptive.
Security teams have struggled to counter the threat, as traditional phishing awareness training does not cover this vector. Proofpoint recommends blocking device code flows via conditional access policies and requiring managed devices for authentication to mitigate risks.
### Indicators of Compromise (IoCs)
Researchers have identified numerous malicious domains associated with these campaigns, including:
- EvilTokens-linked domains (e.g., `onedrive-9tudh[.]thebootieselmny-thi-om-s-oundh[.]workers[.]dev`)
- B-OX-linked domains (e.g., `stelwsystems[.]com`, `marketkarr-lengnefl[.]com`)
(Note: Domains are defanged to prevent accidental resolution.)
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Norton ??
What was Norton's A.I Rankiteo Cyber Score in June 2026 ??
What was Norton's A.I Rankiteo Cyber Score in May 2026 ??
What was Norton's A.I Rankiteo Cyber Score in April 2026 ??
What was Norton's A.I Rankiteo Cyber Score in March 2026 ??
What was Norton's A.I Rankiteo Cyber Score in February 2026 ??
What was Norton's A.I Rankiteo Cyber Score in January 2026 ??
What was Norton's A.I Rankiteo Cyber Score in December 2025 ??
What was Norton's A.I Rankiteo Cyber Score in November 2025 ??
What was Norton's A.I Rankiteo Cyber Score in October 2025 ??
What was Norton's A.I Rankiteo Cyber Score in September 2025 ??
What was Norton's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Norton's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Norton ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Norton's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?