A wave of highly sophisticated phishing attacks has put Microsoft 365 users—and the very foundations of modern email security—at risk, exposing a perilous paradox: the same technologies designed to protect cloud productivity platforms are now being systematically exploited to facilitate...
Phishing campaigns continue to evolve, adapting to security systems and adopting new tactics to dupe even vigilant users. Recent findings have uncovered a sophisticated Microsoft MFA phishing scheme that leverages the OAuth authorization framework—specifically, Microsoft OAuth applications—to...
Phishing campaigns have always shaped themselves around the contours of new technology, but the latest surge targeting Microsoft OAuth applications marks a seismic shift in both attacker strategy and the effectiveness of their exploits. In 2025, security researchers uncovered a wave of hybrid...
Foreign embassies in Moscow are facing an unprecedented onslaught of cyber espionage, orchestrated by Russian state-backed hackers leveraging an array of advanced techniques to compromise their digital security. According to recent disclosures from Microsoft Threat Intelligence, these actors...
Diplomatic missions working in Moscow now face a newly exposed, advanced cyber threat: Secret Blizzard’s adversary-in-the-middle (AiTM) campaign, designed to penetrate even the most security-conscious organizations. According to detailed analysis from Microsoft Threat Intelligence, this Russian...
A new breed of cyber threats is rapidly transforming the landscape of enterprise security, and few recent campaigns illustrate this better than the large-scale, meticulously coordinated attacks attributed to Storm-1575, more commonly known as the Dadsec hacker group. Over the past year, Dadsec...
A new wave of cyberattacks has emerged, sending ripples across the digital landscape, and it is targeting one of the world’s most widely adopted productivity ecosystems—Microsoft 365. At the center of this ongoing threat is a campaign linked to Tycoon2FA, a notorious Phishing-as-a-Service...
Phishing attacks have long been the scourge of enterprise security, but recent developments reveal a disturbing evolution in cybercriminal tactics targeting Microsoft platforms. A newly uncovered phishing campaign harnesses the trusted veneer of Microsoft Dynamics 365 Customer Voice, weaponizing...
The recent surge in sophisticated phishing campaigns targeting SaaS environments has laid bare the evolving tactics leveraged by cybercriminals—particularly the abuse of reputable cloud services and the subversion of multi-factor authentication (MFA) controls. In late 2024 and early 2025, the...
In recent weeks, Microsoft 365 users have found themselves in the crosshairs of a sophisticated business email compromise (BEC) campaign that exploits the cloud service’s very reputation for trust and reliability. Rather than launching the usual barrage of phishing emails filled with tyrannical...
In a chilling revelation for Microsoft 365 users, security researchers have unveiled a sophisticated phishing toolkit known as "Rockstar 2FA" that circumvents multi-factor authentication (MFA) in a strikingly clever manner. This "Phishing-as-a-Service" (PhaaS) offering demonstrates how...
In the ever-evolving landscape of cybersecurity, Microsoft 365 users find themselves at a critical juncture. As we dive into December 2024, the rise of sophisticated phishing attacks has emerged as a formidable challenge for users of Microsoft’s popular suite of productivity tools. At the...
A new and sophisticated species has entered the phishing ecosystem, and its name is Tycoon 2FA. At a time when digital security feels like a relentless arms race, this phishing-as-a-service (PhaaS) platform epitomizes just how quickly adversaries adapt to modern defenses—forging an unsettling...
In a recent cyber development that echoes the persistent risks posed by phishing schemes, the emergence of a phishing-as-a-service (PhaaS) platform named "Rockstar 2FA" has sent ripples through the online community, particularly among Microsoft 365 users. Launched in late November 2024, this...