phishing

The recent report from Security Magazine uncovers a cunning phishing campaign that exploits Microsoft 365 infrastructure—a move that demonstrates how modern threat actors leverage trusted platforms to launch sophisticated attacks. In this campaign, malicious actors manipulate legitimate...

Over the past couple of months, the cybersecurity landscape has faced another twist in its never-ending battle against phishing. In early 2025, Barracuda Networks reported a surge in phishing-as-a-service (PhaaS) attacks—over a million in total—with notorious tools like Tycoon 2FA and EvilProxy...

Hackers are once again proving that even trusted platforms can be twisted for malicious purposes. A recent campaign, detailed by cybersecurity researchers, reveals that cybercriminals are employing fake OAuth applications—masquerading as popular services like Adobe Drive, Adobe Acrobat, and...

Attackers are now turning Microsoft 365's built-in trust to their advantage, launching phishing campaigns that operate entirely within the service’s native ecosystem. Instead of relying on fake domains or blatant email spoofing, these sophisticated adversaries are exploiting genuine Microsoft...

BEC Attacks Exploit Microsoft 365 Trust – A Wake-Up Call for Security Teams The cybersecurity landscape is encountering yet another twist as threat actors harness Microsoft 365 infrastructure to execute sophisticated Business Email Compromise (BEC) attacks. In a recent report highlighted by...

The sophisticated phishing campaign uncovered by GBHackers exemplifies how threat actors are continuously evolving their tactics to exploit even the most trusted infrastructures—namely, Microsoft 365. This attack is not your garden-variety scam. Instead, it is a multifaceted exploitation of...

A new breed of phishing attack is shaking up the cybersecurity landscape for Windows and Microsoft 365 users alike. Gone are the days when cybercriminals relied solely on lookalike domains and basic email spoofing. Today’s attackers have taken a page from the playbook of legitimate IT...

The growing trend of business email compromise (BEC) attacks lurking deep within Microsoft 365 environments is leaving IT security professionals both impressed by the technical acumen of the attackers and frustrated by the evolving threat landscape. In recent developments, attackers have learned...

A fresh wave of OAuth abuse is making headlines, as cybercriminals continue to exploit trusted service brands like Microsoft 365 and GitHub for their nefarious purposes. Recently reported campaigns reveal the evolving tactics of threat actors, who are using sophisticated social engineering...

In recent weeks, Microsoft 365 users have found themselves in the crosshairs of a sophisticated business email compromise (BEC) campaign that exploits the cloud service’s very reputation for trust and reliability. Rather than launching the usual barrage of phishing emails filled with tyrannical...

Microsoft 365 credentials are now squarely in the crosshairs of a new, sophisticated cyberattack. In a campaign dubbed the ClickFix attack—as first reported by SC Media and detailed by BleepingComputer—the threat actors are using fake OAuth apps to pilfer sensitive credentials from government...

Cybercriminals are now weaponizing trusted brands to hijack Microsoft 365 accounts. In a worrying twist that almost seems ripped from a spy movie, hackers are impersonating legitimate Adobe and DocuSign apps to gain unauthorized access to valuable data and deploy malware. The Anatomy of the...

In the ever-evolving world of cybersecurity, a newly documented attack targeting Microsoft 365 users is challenging some of the built‐in email security safeguards many organizations rely on. With attackers increasingly honing their strategies, this campaign leverages legitimate Microsoft...

Unmasking the Latest Microsoft 365 Phishing Scam: Fake Support Numbers and Social Engineering at Play Cybercriminals have upped their game with a phishing scam that leverages Microsoft 365’s trusted infrastructure to fool users into dialing counterfeit support numbers. This isn’t your typical...

An email from Booking.com that appears to be scolding you for an “angry guest” isn’t a disgruntled review at all—it’s a sophisticated phishing scam engineered to harvest your credentials and keystrokes. Microsoft Threat Intelligence has flagged this ongoing campaign, which began in December and...

The relentless evolution of cyber threats continues to keep even the most well-protected enterprises on their toes. A recent analysis has exposed a highly sophisticated Microsoft 365 attack that bypasses traditional email security controls by exploiting one of the most trusted infrastructures in...

Hackers are once again proving that even the latest technological marvels can become Trojan horses for cybercriminals. Recent reports reveal that threat actors are exploiting Microsoft Copilot—a generative AI assistant designed to help users with everything from transcribing emails to drafting...

The rapid adoption of Microsoft products—especially new features like Copilot, Microsoft’s generative AI assistant—means that both users and IT admins must be extra vigilant. A new phishing campaign, detailed by security researchers at the Cofense Phishing Defense Center, exposes how threat...

Cybercriminals Versus AI: How Microsoft’s Approach Sets a New Standard In today’s fast-evolving cybersecurity landscape, artificial intelligence has emerged as a double-edged sword. As cybercriminals ramp up their use of AI to conduct more sophisticated phishing, deepfakes, and identity...

Hackers have upped their game again, and the latest twist in the phishing saga has Windows and Microsoft 365 users on high alert. Phishing scams that once relied on crude copies of login pages now come with professional-grade features—think of them as “phishing-as-a-service” (PhaaS) offerings...