headlinez.news Live news trend intelligence
▲ Peaking Technology

New phishing kits target Microsoft 365 accounts, evade MFA

New phishing kits named Forg365 are bypassing multi-factor authentication to compromise Microsoft 365 accounts.

5sources
5articles
3velocity
+0%since first seen
just nowfirst detected

Velocity

How fast coverage is spreading — measured hourly from article rate × source diversity. How this works →

The brief

New phishing-as-a-service (PhaaS) tools, specifically the Forg365 kit, are targeting Microsoft 365 users. The attacks utilize Adversary-in-the-Middle (AitM) session theft and manipulate OAuth device codes to gain unauthorized account access. These methods allow attackers to circumvent standard multi-factor authentication protocols.

Coverage from BleepingComputer, The Hacker News, CSO Online, and GBHackers emphasizes the technical mechanisms behind the toolkit, including the abuse of Entra ID enrollment. Additionally, SecurityWeek reports that Okta has issued warnings regarding vishing attacks specifically aimed at Microsoft 365 customers. Future reports will track whether additional security platforms release patches or detection signatures for these specific AitM techniques.

Information regarding the broader scope of the campaign remains under investigation.

Synthesized by headlinez.news from the headlines below under a strict no-invention contract. ✓ fact-checked: all claims supported by sources Updated just now.

Quick answers

What is Forg365?

Forg365 is a new Phishing-as-a-Service (PhaaS) kit designed to target Microsoft 365 accounts by bypassing multi-factor authentication.

How do these attacks work?

Attacks employ Adversary-in-the-Middle session theft, OAuth device code abuse, and Entra ID enrollment manipulation to gain persistent access.

Are vishing attacks involved?

Yes, coverage indicates that vishing attacks are also being utilized to target Microsoft 365 customers.

Coverage (5)

Topics

Related trends

↑ Rising Technology

Microsoft Patches a Record 570 Security Flaws

Microsoft’s July 2026 Patch Tuesday shatters records with a flood of critical fixes—raising alarms for IT teams worldwide.

5 sources 5 articles v 3 2h ago