importantSYS.SOURCE: The Hacker News• 2026-07-13T13:00:00+05:30
Three Evilginx Phishing Campaigns Targeting Microsoft 365 Exposed via Misconfigured Server
A misconfigured server exposed three Evilginx phishing campaigns targeting Microsoft 365, utilizing MFA bypass techniques through proxy attacks and OAuth device code flows. The operations leveraged AI-assisted development and connected to a broader phishing-as-a-service ecosystem.
An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server 8080, was still sitting in the readable .bash_history.
From that one lapse, French security firm Lexfo lifted the operator's entire toolkit and pivoted through it to two more
*** END OF TRANSMISSION ***