Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations
The malicious emails claim to contain a conduct report and lure victims to a Microsoft phishing website that leverages AitM. The post Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations appeared first on SecurityWeek.
Microsoft has warned organizations in the United States about a sophisticated phishing campaign that uses a “code of conduct review” theme to lure victims to a malicious website.
The tech giant observed more than 35,000 attempts between April 14 and 16. The malicious emails were received by users across roughly 13,000 organizations in 26 countries, but 92% of the targets were in the US.
Many of the messages were received by users in the healthcare and life sciences, financial services, professional services, and technology and software sectors.
Related breach coverage
- Microsoft warns of global campaign stealing auth tokens from 35K users2026-05-05
Microsoft revealed a phishing campaign hitting 35,000 users in 26 countries, stealing login tokens via fake code-of-conduct emails and legit services. Microsoft disclosed a major phishing campaign that targeted over 35,000 users across 26 countries in mid-April 2026. Attackers used fake “code of conduct” emails sent through legitimate platforms to trick recipients into visiting bogus […]
- Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion2026-05-07
Dragos has published a report describing how threat actors used Claude AI in an attack on a water and drainage utility in Mexico. The post Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion appeared first on SecurityWeek.
- Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking2026-05-07
The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was. The post Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking appeared first on SecurityWeek.
- Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack2026-05-06
While trojanized Daemon Tools versions were installed worldwide, a sophisticated backdoor was dropped only on a dozen systems. The post Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack appeared first on SecurityWeek.