Back to News
Cybersecurity

New Forg365 PhaaS Operation Threatens Microsoft 365 Security with Advanced Phishing Tactics

Forg365 introduces sophisticated phishing-as-a-service targeting Microsoft 365, leveraging advanced techniques to compromise accounts.

A recent report highlights the emergence of Forg365, a phishing-as-a-service (PhaaS) operation specifically targeting Microsoft 365 accounts. This service employs a range of sophisticated techniques including device code phishing and adversary-in-the-middle (AitM) tactics, enhanced by artificial intelligence to generate convincing lures and evade detection by traditional security measures. Offered through Telegram for $400 a month, Forg365 represents a significant escalation in the accessibility and sophistication of cyberattack tools.

For businesses, the implications of this service are profound, as it lowers the barrier to entry for cybercriminals seeking to exploit Microsoft 365 environments. Organizations must bolster their security postures, emphasizing user education on phishing threats and investing in advanced detection systems that can identify and mitigate AitM attacks. This development underscores the critical need for robust cybersecurity strategies, particularly as adversaries increasingly leverage AI and other technologies to enhance their attack vectors, making it essential for companies to remain vigilant and proactive in their defenses.

---

*Originally reported by [The Hacker News](https://thehackernews.com/2026/07/forg365-phaas-targets-microsoft-365.html)*