Cybersecurity researchers at Push Security have uncovered a sophisticated phishing campaign that exploits Microsoft’s Active Directory Federation Services (ADFS) to create legitimate-looking login URLs that redirect users to malicious credential-harvesting sites. This attack represents a significant escalation in phishing techniques, effectively turning Microsoft’s own infrastructure into an unwitting accomplice in credential theft operations. The attack … Continue reading Microsoft 365 Accounts Under Siege – Hackers Exploit ADFS and Office.com for Credential Theft