Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft Azure Monitor callback phishing campaign

Campaign
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

A callback phishing campaign is abusing Microsoft Azure Monitor alerts to send fake billing warnings through legitimate Microsoft mail flow, making the messages more believable to recipients. The operation has been active over the past month and uses urgent notices about unauthorized charges to pressure people into calling attacker-controlled numbers. The trusted sender path and preserved authentication results raise the chance that the lure will bypass spam filters and user suspicion.

Related Happenings

QR code phishing surged across email threats in Q1 2026

Trend
H score73 First: 05.05.2026 09:35 Last: 05.05.2026 09:35 Sources 1

About this happening: **Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....

Microsoft 365 mailbox-rule abuse rises across breached accounts in Q4 2025

Trend
H score6 First: 13.04.2026 18:00 Last: 13.04.2026 18:00 Sources 1

About this happening: In **Q4 2025**, about **10%** of breached **Microsoft 365** accounts had malicious mailbox rules created within seconds of compromise, increasing **persistence**, **data theft**,...

Russian state-sponsored hackers' ongoing Signal and WhatsApp phishing campaign

Campaign
H score38 First: 09.03.2026 23:24 Last: 09.03.2026 23:24 Sources 1

About this happening: An **ongoing Russian intelligence-linked** phishing **campaign** is targeting **Signal** and **WhatsApp** users and has evolved from stealing verification codes and account PINs t...

Latest development: 27.06.2026 01:06

FBI and CISA warn that the Russian intelligence services-linked Signal phishing campaign has evolved from stealing verification codes, account PINs, and linked-device access to eliciting victims' Backup Recovery Keys through impersonated Signal support messages. If a target provides the key, attackers can restore Signal's Secure Backups on their own devices and read historical messages, including private and group conversations, while the campaign continues to target high-intelligence-value individuals.

Tycoon 2FA-Storm-1747 ecosystem shift changes threat-actor operations

Threat Actor Meta
H score82 First: 05.03.2026 08:51 Last: 05.03.2026 08:51 Sources 1

About this happening: **Tycoon2FA** has evolved from a **subscription-based PhaaS** into a more resilient phishing service that now supports **device-code phishing** against **Microsoft 365** accounts....

Latest development: 17.05.2026 17:43

eSentire says Tycoon2FA now uses device-code phishing to target Microsoft 365 accounts, with invoice-themed lure emails carrying Trustifi click-tracking URLs that redirect through Trustifi, Cloudflare Workers, obfuscated JavaScript layers, and a fake Microsoft CAPTCHA page before sending victims to microsoft.com/devicelogin. The kit also adds anti-analysis defenses, including detection of Selenium, Puppeteer, Playwright, and Burp Suite, plus blocks for security vendors, VPNs, sandboxes, AI crawlers, and cloud providers.

Global phishing and identity-compromise trend across Darktrace customers in 2025

Trend
H score61 First: 26.02.2026 17:00 Last: 26.02.2026 17:00 Sources 1

About this happening: **Darktrace** telemetry showed a sharp rise in **identity-driven phishing** across its **global customer base** in **2025**, with **more than 32 million** high-confidence phishing...

Timeline

  1. 21.03.2026 16:09 2 articles · 3mo ago

    Azure Monitor callback phishing campaign disclosed

    Initial Disclosure

    A callback phishing campaign is abusing Microsoft Azure Monitor alert messages to impersonate Microsoft Security Team billing warnings, using urgent unauthorized-charge language, attacker-controlled phone numbers, and legitimate [email protected] delivery that passes SPF, DKIM, and DMARC checks.

    Show sources