phishing

Microsoft 365 Phishing Kit Evolves: A New Breed of Stealth Attacks Surges In the constantly evolving cybersecurity battlefield, attackers relentlessly innovate to stay one step ahead of defenders. The latest example comes from the dark underworld of phishing-as-a-service (PhaaS), where a...

A New Phishing Frontier: Tycoon2FA Evolving to Outsmart Microsoft 365 Security Phishing attacks are evolving, and the latest twist comes from the Tycoon2FA phishing kit. Designed as a Phishing-as-a-service (PhaaS) platform, Tycoon2FA is notorious for bypassing multi-factor authentication (MFA)...

An Unseen Intrusion: How Atlas Lion Blended In and Struck at Big-Box Retailers In today’s digital battleground, even the most robust corporate networks are vulnerable to unexpected breaches that exploit the very rules designed to protect them. Recent findings by cybersecurity firm Expel and...

Innovative Phishing Tactics Threaten Critical Infrastructure Russian state-backed APT group Storm-2372 has triggered a new alarm in the cybersecurity community by leveraging an ingenious form of device code phishing to sidestep multi-factor authentication (MFA). This sophisticated attack...

As Tax Day nears, threat actors are pulling out all the stops by deploying tax-themed phishing campaigns that combine age-old social engineering tricks with modern redirection techniques and sophisticated malware. In recent months, Microsoft’s threat intelligence team has observed several...

The Changing Landscape of Cloud Email Security Cloud-based email solutions have revolutionized business communications, with Microsoft 365 (M365) emerging as the go-to platform for organizations around the world. However, as with any technological breakthrough, the very features that make M365...

Stealing user credentials is an ever-evolving cybersecurity threat, and few techniques capture the complexity of modern attacks like Evilginx does. At its core, Evilginx repurposes the legitimate, widely used nginx web server to launch man-in-the-middle attacks that can pilfer usernames...

Phishing Attacks Using Legitimate Microsoft Channels: A Sophisticated Threat Unveiled The cybersecurity landscape continues to evolve, and the latest threat from cybercriminals underscores that evolution in a particularly insidious way. A recent campaign, detailed by KnowBe4’s Threat Labs...

Barracuda’s detection systems recently blocked over a million phishing attacks—a staggering number that underscores a rapidly evolving threat landscape powered by sophisticated Phishing-as-a-Service (PhaaS) platforms. This development is especially critical for Windows users and organizations...

Microsoft has long been a major player in the cybersecurity arena, and its latest rollout of AI agents in Security Copilot underscores a commitment to not only staying ahead of threats but also streamlining security operations for defense teams. In an era where phishing attacks and alert fatigue...

In today’s digital arena, where cybersecurity threats can feel as relentless as an inbox full of spam, Microsoft is stepping into the breach with an innovative suite of AI-powered security agents. As cybercriminals send more than 30 billion phishing emails in 2024 alone, it’s clear that...

Microsoft 365 Security is Evolving – Are You Ready for 2025 Threats? Microsoft 365 is the backbone of enterprise productivity, and as it becomes increasingly entwined with every business process, attackers are sharpening their tactics. A recent summit highlighted on Redmondmag.com titled...

Phishing attacks continue to evolve in sophistication, and the latest reports reveal that threat actors are now abusing Microsoft 365’s built-in features to bypass traditional security filters. In a clever twist on the classic business email compromise (BEC), attackers are compromising multiple...

The recent report from Security Magazine uncovers a cunning phishing campaign that exploits Microsoft 365 infrastructure—a move that demonstrates how modern threat actors leverage trusted platforms to launch sophisticated attacks. In this campaign, malicious actors manipulate legitimate...

The surge in phishing attacks is not just a threat lurking on the horizon—it’s already upon us. A recent report by Barracuda Networks reveals that the first two months of 2025 have witnessed a dramatic rise in Phishing-as-a-Service (PhaaS) operations, with over one million phishing attempts...

Over the past couple of months, the cybersecurity landscape has faced another twist in its never-ending battle against phishing. In early 2025, Barracuda Networks reported a surge in phishing-as-a-service (PhaaS) attacks—over a million in total—with notorious tools like Tycoon 2FA and EvilProxy...

Hackers are once again proving that even trusted platforms can be twisted for malicious purposes. A recent campaign, detailed by cybersecurity researchers, reveals that cybercriminals are employing fake OAuth applications—masquerading as popular services like Adobe Drive, Adobe Acrobat, and...

Attackers are now turning Microsoft 365's built-in trust to their advantage, launching phishing campaigns that operate entirely within the service’s native ecosystem. Instead of relying on fake domains or blatant email spoofing, these sophisticated adversaries are exploiting genuine Microsoft...

BEC Attacks Exploit Microsoft 365 Trust – A Wake-Up Call for Security Teams The cybersecurity landscape is encountering yet another twist as threat actors harness Microsoft 365 infrastructure to execute sophisticated Business Email Compromise (BEC) attacks. In a recent report highlighted by...

The sophisticated phishing campaign uncovered by GBHackers exemplifies how threat actors are continuously evolving their tactics to exploit even the most trusted infrastructures—namely, Microsoft 365. This attack is not your garden-variety scam. Instead, it is a multifaceted exploitation of...