New phishing kits target Microsoft 365 accounts, evade MFA
New phishing kits named Forg365 are bypassing multi-factor authentication to compromise Microsoft 365 accounts.
Velocity
How fast coverage is spreading — measured hourly from article rate × source diversity. How this works →
The brief
New phishing-as-a-service (PhaaS) tools, specifically the Forg365 kit, are targeting Microsoft 365 users. The attacks utilize Adversary-in-the-Middle (AitM) session theft and manipulate OAuth device codes to gain unauthorized account access. These methods allow attackers to circumvent standard multi-factor authentication protocols.
Coverage from BleepingComputer, The Hacker News, CSO Online, and GBHackers emphasizes the technical mechanisms behind the toolkit, including the abuse of Entra ID enrollment. Additionally, SecurityWeek reports that Okta has issued warnings regarding vishing attacks specifically aimed at Microsoft 365 customers. Future reports will track whether additional security platforms release patches or detection signatures for these specific AitM techniques.
Information regarding the broader scope of the campaign remains under investigation.
Synthesized by headlinez.news from the headlines below under a strict no-invention contract. ✓ fact-checked: all claims supported by sources Updated just now.
Quick answers
What is Forg365?
Forg365 is a new Phishing-as-a-Service (PhaaS) kit designed to target Microsoft 365 accounts by bypassing multi-factor authentication.
How do these attacks work?
Attacks employ Adversary-in-the-Middle session theft, OAuth device code abuse, and Entra ID enrollment manipulation to gain persistent access.
Are vishing attacks involved?
Yes, coverage indicates that vishing attacks are also being utilized to target Microsoft 365 customers.
Coverage (5)
- Phishing for dummies: Forg365 lowers barrier to M365 account takeovers csoonline.com · 22h ago
- Hackers Abuse OAuth Device Codes and Entra ID Enrollment for Persistent SaaS Access gbhackers.com · 22h ago
- Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers SecurityWeek · 22h ago
- Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft The Hacker News · 22h ago
- New phishing kits target Microsoft 365 accounts, evade MFA BleepingComputer · 22h ago
Topics
Related trends
White House launches cybersecurity clearinghouse to patch software flaws discovered by AI
The White House has officially launched 'Gold Eagle,' a new clearinghouse designed to address software vulnerabilities identified by artificial intelligence.
SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now
SonicWall is urging users to patch SMA1000 appliances immediately following reports that two zero-day vulnerabilities are being actively exploited.
Microsoft’s Secure Boot has been broken for a decade and no one noticed until now
Newly identified vulnerabilities in Microsoft-signed UEFI shims allow for Secure Boot bypasses that have persisted for a decade.
Microsoft Patches a Record 570 Security Flaws
Microsoft’s July 2026 Patch Tuesday shatters records with a flood of critical fixes—raising alarms for IT teams worldwide.
Public to be told how to prepare for cyber-attack and weather emergencies
UK government prepares citizens for dual threats: cyber-attacks and extreme weather
iOS 26.6 Will Warn You About Malicious iMessages
Apple’s iOS 26.6 will now scan iMessages for threats before they reach your device