Find notable cyber news and cases, enriched with sources, timelines, and signals.

Jalisco and OmegaLord Microsoft 365 phishing kits

Malware Activity
First reported
Last updated
Happening score
H score 27
1 unique sources, 1 articles

Summary

Hide ▲

The Jalisco and OmegaLord phishing kits were discovered targeting Microsoft 365 accounts with methods that bypass MFA, increasing the risk of credential theft and account takeover. Jalisco uses device-code phishing, while OmegaLord impersonates a PDF Reader login page to collect login credentials and phone numbers. The activity also supports rapid session abuse after compromise, making the kits more effective against modern account defenses.

Related Happenings

Microsoft 365 device-code phishing campaign using Jalisco and OmegaLord

Campaign
H score37 First: 14.07.2026 15:49 Last: 14.07.2026 15:49 Sources 1

How related: Two new phishing kits, Jalisco and OmegaLord, have been discovered in attacks targeting Microsoft 365 accounts, using techniques that defeat multi-factor authentication (MFA).

About this happening: The **Jalisco** and **OmegaLord** campaign is targeting **Microsoft 365** accounts with **MFA-bypass phishing**, putting credentials, sessions, and downstream data at risk. Jalisc...

Forg365 PhaaS industrializes Microsoft 365 credential theft and session hijacking

Threat Actor Meta
H score36 First: 13.07.2026 16:03 Last: 13.07.2026 16:03 Sources 1

About this happening: **Forg365** has emerged as a **subscription-based phishing platform** that lowers the barrier to **Microsoft 365** account theft while scaling **session hijacking** and mailbox ab...

Microsoft Entra OAuth Client ID spoofing campaign

Campaign
H score58 First: 13.07.2026 16:00 Last: 13.07.2026 16:00 Sources 1

About this happening: A **Microsoft Entra ID** targeting campaign is using **OAuth Client ID spoofing** to evade **Entra sign-in logs** and gain stealthy access to cloud services, increasing the chance...

Forg365-ForgCookie alliance reshapes ransomware ecosystem operations

Threat Actor Meta
H score37 First: 09.07.2026 17:39 Last: 09.07.2026 17:39 Sources 1

About this happening: **Forg365** is a **phishing-as-a-service (PhaaS)** operation built to steal **Microsoft 365** accounts with **AiTM** and **device-code phishing**, increasing credential-theft risk...

Kali365 Microsoft 365 device-code phishing campaign

Campaign
H score46 First: 25.05.2026 15:45 Last: 25.05.2026 15:45 Sources 1

About this happening: A **Kali365** phishing campaign is targeting **Microsoft 365** environments worldwide with **device-code login lures**, putting accounts at risk of **token theft** and **MFA bypas...

Timeline

  1. 14.07.2026 15:49 2 articles · 1h ago

    Jalisco and OmegaLord target Microsoft 365 accounts with MFA-bypassing phishing

    Initial Disclosure

    ReliaQuest identified two phishing kits, Jalisco and OmegaLord, targeting Microsoft 365 accounts and bypassing MFA. Jalisco uses device-code phishing with freshly generated Microsoft OAuth device codes and a web portal for captured sessions, while OmegaLord uses a fake PDF Reader login page to steal credentials and associated phone numbers that can help attackers intercept or hijack MFA requests or codes.

    Show sources