Date: 2025-03-14

A phishing campaign that researchers have called highly sophisticated, and that exploits trusted Microsoft 365 infrastructure to facilitate account takeover attempts through credential harvesting, has been confirmed. By exploiting legitimate Microsoft domains and misconfigurations within tenants, the threat actors are executing Business Email Compromise attacks that can maintain a very convincing appearance of legitimacy. The researchers have revealed that this method bypasses conventional email security measures by exploiting inherent trust mechanisms.

