Find notable cyber news and cases, enriched with sources, timelines, and signals.

Code of conduct-themed Microsoft AiTM phishing campaign

Campaign
First reported
Last updated
Happening score
H score 53
2 unique sources, 2 articles

Summary

Hide ▲

A large-scale phishing campaign used code of conduct-themed lures and legitimate email services to push victims to attacker-controlled domains and steal authentication tokens, raising the risk of MFA bypass. The operation ran from April 14 to 16, 2026 and targeted more than 35,000 users across over 13,000 organizations in 26 countries. Microsoft said 92% of targets were in the U.S., with heavy targeting of healthcare and life sciences, financial services, professional services, and technology and software. The attack chain used PDF attachments, multiple CAPTCHA pages, and adversary-in-the-middle (AiTM) phishing to harvest Microsoft credentials in real time.

Related Happenings

O-UNC-066 / Pink Microsoft Entra passkey vishing campaign

Campaign
H score37 First: 08.07.2026 19:47 Last: 08.07.2026 19:47 Sources 1

About this happening: The **O-UNC-066 / Pink** operation is using **voice-based phishing** to push **Microsoft 365** users into enrolling attacker-controlled **Entra passkeys**, creating a direct path...

TA4922 expanded European phishing-and-malware campaign

Campaign
H score40 First: 04.06.2026 00:45 Last: 04.06.2026 00:45 Sources 1

About this happening: **TA4922** is a **China-linked** cybercrime campaign that has expanded from **East Asia** into **Europe and Africa**, including **the U.K., Germany, Italy, and South Africa**. The...

KongTuke Microsoft Teams initial access campaign

Campaign
H score42 First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **KongTuke** campaign now uses **Microsoft Teams** social engineering to gain persistent access to **corporate networks**, shortening initial compromise to **under five minute...

QR code phishing surged across email threats in Q1 2026

Trend
H score73 First: 05.05.2026 09:35 Last: 05.05.2026 09:35 Sources 1

How related: Data from Microsoft shows a massive surge in QR code phishing during the three-month time period, as attack volumes jumped from 7.6 million in January to 18.7 million in March, representing a 146% increase.

About this happening: **Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....

Silk Typhoon / Hafnium coordinated intelligence-gathering campaign

Campaign
H score59 First: 27.04.2026 22:56 Last: 27.04.2026 22:56 Sources 1

About this happening: The **Silk Typhoon / Hafnium** operation is tied to a **coordinated intelligence-gathering campaign** spanning **February 2020 to June 2021**, underscoring a sustained espionage e...

Latest development: 28.04.2026 15:30

US officials described Silk Typhoon/Hafnium activity from February 2020 to June 2021 as a coordinated intelligence-gathering campaign that targeted US universities and COVID-19 researchers, including a Texas university network, and later expanded into Microsoft Exchange Server vulnerability exploitation. The operation reportedly used stolen mailbox access to search for vaccines, treatments, and testing research, and the FBI said the campaign affected more than 12,700 US organizations.

Timeline

  1. 05.05.2026 09:35 2 articles · 2mo ago

    Microsoft discloses code of conduct-themed AiTM phishing campaign

    Initial Disclosure

    Microsoft disclosed a large-scale credential theft campaign that used code of conduct-themed lures, legitimate email services, PDF attachments, multiple CAPTCHA gates, and adversary-in-the-middle phishing to steal Microsoft credentials and authentication tokens and bypass multi-factor authentication. The campaign was observed between April 14 and 16, 2026 and targeted more than 35,000 users across over 13,000 organizations in 26 countries, with 92% of targets in the U.S. and heavy targeting of healthcare and life sciences, financial services, professional services, and technology and software.

    Show sources