New Browser-in-the-Browser Phishing Attack to Steal Microsoft 365 Logins

Unit 42 and Cyber Security News describe a sophisticated Browser‑in‑the‑Browser phishing campaign that embeds a draggable, device‑fingerprinted fake Microsoft OAuth login within malicious webpages to harvest credentials and OAuth consent grants; attackers use debugging blocks, keyword fragmentation, and bot redirection to evade detection, and stolen tokens can provide persistent access to Microsoft 365 environments even after password changes.