Security · 1h ago
Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Attacks
A new phishing-as-a-service platform called Forg365 targets Microsoft 365 accounts using device code phishing, adversary-in-the-middle tactics, and AI-assisted lure creation. Distributed via Telegram, it costs $400 per month or $3,800 per year. The service also includes post-compromise mailbox operations to steal data.
Meridian48 take
Forg365's combination of AI-generated lures and AitM techniques shows how phishing kits are becoming more sophisticated, lowering the barrier for attackers to bypass MFA.
Read the full reporting
Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft →
The Hacker News
phishing-as-a-servicemicrosoft-365