logo

New phishing kits target Microsoft 365 accounts, evade MFA

ID: 65bbd624-ecb4-5419-a64b-b6b16892459b

STIX ID: report--65bbd624-ecb4-5419-a64b-b6b16892459b

Feed Name: Bleeping Computer

Threat Score
70/100

Date Published: 2026-07-14

Date Updated: 2026-07-15

Author: Bill Toulas

...
...

Researchers at ReliaQuest analyzed two phishing kits—Jalisco, which automates Microsoft OAuth device-code phishing to authorize attacker-controlled devices, and OmegaLord, which poses as a PDF reader to steal credentials and phone numbers—both engineered to bypass MFA, enable account takeover, rapidly exfiltrate SaaS/SharePoint data, and facilitate extortion; recommended mitigations include tightening device-registration limits, blocking device-code authentication in conditional access, and auditing app registrations.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.