Intel Drops #4

An ongoing phishing campaign leverages Cloudflare pages.dev infrastructure and CAPTCHA challenges to host Microsoft-themed credential-harvesting pages, using invoice/bid/signature email lures that redirect to spoofed OpenGov sites; analysis suggests a Rockstar2FA phishing kit, and the report shares numerous implicated domains (IoCs) while requesting further community intelligence.