:

NEW PHISHING KITS BYPASS MICROSOFT 365 MFA

SECURITY DESK2 MIN READ
TUE, JUL 14, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Two newly discovered phishing kits, Jalisco and OmegaLord, are actively targeting Microsoft 365 accounts with techniques designed to circumvent multi-factor authentication protections.

Security researchers have identified two sophisticated phishing kits exploiting Microsoft 365 users despite MFA defenses. The kits, named Jalisco and OmegaLord, employ advanced techniques to steal credentials and authentication tokens, rendering traditional MFA protections ineffective. Both kits operate by creating convincing replicas of Microsoft 365 login pages. When users enter their credentials, the kits capture the information in real time. The critical difference from standard phishing attacks is their ability to intercept and relay MFA challenges, allowing attackers to complete authentication without the victim's knowledge. Jalisco uses a reverse-proxy approach, positioning itself between the user and Microsoft's servers. This method captures credentials and MFA tokens as they're transmitted, giving attackers legitimate session access. OmegaLord employs similar interception techniques with additional obfuscation to evade detection by security tools. These kits represent an escalation in phishing sophistication. Traditional MFA—typically SMS codes or authenticator apps—becomes ineffective when attackers control the authentication flow. Users who believe MFA protects them completely remain vulnerable to these attacks. Organizations using Microsoft 365 should implement additional security measures beyond standard MFA. Recommended protections include conditional access policies that flag unusual login locations or devices, passwordless authentication methods like Windows Hello or FIDO2 security keys, and user education about phishing risks. Microsoft 365 administrators should review login logs for suspicious activity and consider enforcing stricter authentication requirements for sensitive accounts. Security teams should monitor for phishing domains mimicking Microsoft properties and use threat intelligence to identify Jalisco and OmegaLord indicators of compromise. The discovery underscores a broader trend: as organizations adopt MFA, attackers develop more sophisticated methods to defeat it. Standard MFA alone is no longer sufficient for comprehensive account protection.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

JUST NOWIndustry Desk

Vancouver Police Department has implemented a discreet button on its website that instantly closes the page and clears browser history when clicked. The feature is designed to help domestic violence survivors quickly hide their browsing activity.

JUST NOWIndustry Desk

Europe's digital identity wallet age verification system will only work on iOS and Android devices, excluding alternative mobile platforms. The technical specification has drawn criticism from privacy advocates and open-source developers.

5H AGOIndustry Desk

The Trump administration has established the Gold Eagle federal clearinghouse to enable real-time sharing of AI-related cyber threat intelligence between government agencies and private sector companies. The White House says the system is already receiving vulnerability reports and coordinating patch prioritization.

6H AGOAI Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.