[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fl-7FbxtSMDKpzA7I3CkjTIrQb-BMT2X26_KuQZmLk-I":3},{"lesson":4},{"id":5,"slug":6,"article_id":7,"title":8,"body":9,"prevention":10,"framework_refs":11,"status":24,"created_at":25,"published_at":26,"article":27,"tags":31,"podcasts":44},"20fcb2a6-14d5-4349-bbe8-5c7d7c0308af","ai-powered-phishing-as-a-service-platform-targets-microsoft-365-accounts","6c997aeb-c6e5-43da-8ecf-75b8b5e2897e","AI-Powered Phishing-as-a-Service Platform Targets Microsoft 365 Accounts","The Forg365 platform represents a significant evolution in phishing threats by combining AI-generated lures with adversary-in-the-middle (AiTM) and device code phishing techniques, enabling attackers to bypass traditional multi-factor authentication. By automating phishing content creation with AI, the barrier to entry for cybercriminals has dropped dramatically, making sophisticated attacks more scalable and harder to detect. The inclusion of a malicious browser extension further enables persistent access even after password resets, extending the attacker's foothold. This matters because Microsoft 365 accounts are a high-value target holding sensitive business data, email communications, and access to interconnected cloud services — compromise of one account can cascade across an entire organization.","**Immediate actions:**\n- Enforce phishing-resistant MFA methods (e.g., FIDO2\u002Fhardware security keys) instead of SMS or app-based OTP, which AiTM attacks can bypass.\n- Audit and restrict which browser extensions are permitted on corporate devices using endpoint management policies.\n- Enable Microsoft Conditional Access policies to block sign-ins from unexpected locations, devices, or token replay attempts.\n\n**Security awareness improvements:**\n- Train employees to recognize AI-generated phishing lures, emphasizing that polished, convincing language is no longer a sign of legitimacy.\n- Conduct regular simulated phishing exercises that include device code phishing scenarios to build staff recognition skills.\n\n**Detection & monitoring measures:**\n- Monitor Microsoft 365 audit logs for anomalous device code authentication requests, token usage from unexpected IP addresses, or new browser extension installations.\n- Deploy a CASB (Cloud Access Security Broker) or Microsoft Defender for Cloud Apps to detect and alert on suspicious OAuth token activity and session anomalies.",[12,13,14,15,16,17,18,19,20,21,22,23],"CIS Control 4 – Secure Configuration of Enterprise Assets and Software","CIS Control 6 – Access Control Management","CIS Control 14 – Security Awareness and Skills Training","CIS Control 13 – Network Monitoring and Defense","NIST SP 800-63B – Digital Identity Guidelines (Phishing-Resistant AAL3 Authenticators)","NIST AC-17 – Remote Access","NIST SI-3 – Malicious Code Protection","NIST IR-5 – Incident Monitoring","MITRE ATT&CK T1557 – Adversary-in-the-Middle","MITRE ATT&CK T1528 – Steal Application Access Token","MITRE ATT&CK T1176 – Browser Extensions","GDPR Article 32 – Security of Processing (for EU organizations handling personal data via M365)","published","2026-07-09T16:20:40.799025+00:00","2026-07-09T16:20:40.531+00:00",{"id":7,"url":28,"slug":29,"title":30},"https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fnew-forg365-phishing-platform-uses-ai-to-target-microsoft-365-accounts\u002F","new-forg365-phishing-platform-uses-ai-to-target-microsoft-365-accounts-e29867","New Forg365 phishing platform uses AI to target Microsoft 365 accounts",[32,38],{"id":33,"name":34,"slug":35,"description":36,"color":37},"1ec88fde-2d0f-4ed8-932a-33f5ccc0fdc7","Access Control","access-control","Excessive privileges, missing MFA, weak auth","#f97316",{"id":39,"name":40,"slug":41,"description":42,"color":43},"7261eb8f-acd4-4d93-a489-7fdd652ec0ea","Security Awareness","security-awareness","Phishing, social engineering, human error","#22c55e",[]]