PhaaS
-
Phishing actors spoof internal addresses by abusing complex email routing, Microsoft warns
Microsoft warned that phishing actors exploit complex mail routing and misconfigured spoof protections to send emails appearing internal, and that more than 13 million messages tied to the Tycoon 2FA kit were blocked in October 2025.
-
Over 4,300 Domains Used in Mass Phishing Campaign Targeting Hotel Guests
Researchers say a Russian-speaking threat actor registered more than 4,300 domains this year to run a large phishing campaign impersonating hotel booking services and harvesting payment data and credentials.
-
Microsoft, Cloudflare Lead Disruption of RaccoonO365 Phishing Network, Seizing 338 Domains
Microsoft and Cloudflare led a coordinated takedown of the RaccoonO365 phishing-as-a-service network, seizing 338 domains and disrupting a campaign that had targeted thousands of Microsoft 365 credentials across dozens of countries. The operation highlights how criminal networks leverage legitimate internet infrastructure to facilitate credential theft, with law enforcement pursuing principal operators and affiliates alike.
-
New Phishing-as-a-Service Operation Utilizes Advanced Evasion Techniques
The Morphing Meerkat phishing operation employs advanced techniques including DNS over HTTPS to evade detection and deliver dynamic spoofed login pages for over 114 brands.
-
New Phishing Kit Targets Users by Impersonating 114 Brands Using DNS
Cybersecurity researchers have identified a new phishing-as-a-service platform dubbed Morphing Meerkat, which utilizes DNS records to execute targeted phishing attacks against 114 brands, employing sophisticated techniques to manage and disseminate stolen credentials.
