Threat actors leverage document publishing sites for ongoing credential and session token theft ( blog.talosintelligence.com )