Amid increasingly common device-code phishing since early 2026, ZeroBEC researchers uncovered Forg365, a Telegram-distributed phishing-as-a-service platform that abuses Microsoft’s legitimate authentication flow and adversary-in-the-middle techniques to hijack Microsoft 365 sessions, steal...