Neat Digest  ·  Archive  ·  Open in app ↗

New phishing kits target Microsoft 365 accounts, evade MFA

Score 3.3/10 · 1 sources · July 14, 2026
New phishing kits target Microsoft 365 accounts, evade MFA

Two new phishing kits, Jalisco and OmegaLord, have been discovered targeting Microsoft 365 accounts. These kits use advanced techniques to bypass multi-factor authentication (MFA), including real-time credential harvesting and session cookie theft. The attacks were identified by cybersecurity researchers tracking threat actor activity. Jalisco employs a reverse proxy to intercept authentication tokens, while OmegaLord uses a more sophisticated approach to capture MFA codes. The kits are being distributed on underground forums and have been used in targeted campaigns against organizations in multiple sectors. Microsoft has acknowledged the threat and recommends additional security measures such as conditional access policies and hardware security keys.

Global Impact

This development has significant implications for enterprise cybersecurity. Economically, it drives increased spending on advanced authentication and threat detection solutions, benefiting vendors like Microsoft, Okta, and Duo.