8 articles tagged with "Microsoft 365"
CVE-2026-42824 chained prompt injection, a timing race, and CSP bypass to exfiltrate Outlook emails, OneDrive files, and MFA codes via Microsoft 365 Copilot. Now patched.
New phishing-as-a-service platform bypasses MFA via OAuth device code flow. FBI PSA details how Kali365's AI-generated lures and $250/month pricing are enabling widespread credential theft.
AI-enabled device code phishing campaigns hit hundreds of Microsoft 365 accounts daily since mid-March. Criminal toolkits proliferate as attacks bypass MFA at scale.
New ConsentFix v3 attack automates Microsoft Azure OAuth credential theft using Pipedream webhooks and Cloudflare phishing pages. Pre-trusted apps bypass MFA entirely.
Joint FBI-Indonesian operation dismantles W3LL phishing platform behind $20M in fraud attempts. Developer arrested after 25,000+ stolen accounts sold since 2019.
FBI-led Operation Masquerade dismantled Russia's GRU-linked FrostArmada, which compromised 18,000+ routers to steal Microsoft 365 credentials via DNS hijacking.
Check Point tracks an Iran-nexus campaign targeting Microsoft 365 accounts across 300+ Israeli organizations and 25+ UAE entities. Attackers use Tor exit nodes and Israeli VPNs to evade detection.
EvilTokens phishing platform targets Microsoft 365 identities across US, Canada, Australia, New Zealand, and Germany. OAuth abuse bypasses MFA to steal access tokens.