Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365
C The Hacker News ·
Admiralty grading (A–F · 1–6)
Source reliability
- A Completely reliable
- B Usually reliable
- C Fairly reliable
- D Not usually reliable
- E Unreliable
- F Cannot be judged
Information credibility
- 1 Confirmed
- 2 Probably true
- 3 Possibly true
- 4 Doubtful
- 5 Improbable
- 6 Cannot be judged
NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
Key insight
The discovery of a misconfigured Evilginx infrastructure with three active phishing campaigns targeting Microsoft 365 demonstrates the operational reality of reverse-proxy phishing with advanced MFA-bypass capabilities.
Description
Evilginx is a reverse-proxy phishing framework capable of intercepting authentication processes and compromising even MFA-protected accounts. A misconfigured Evilginx installation revealed three concurrent phishing campaigns targeting Microsoft 365 users with high-precision targeting capabilities. The framework creates fake login pages indistinguishable from legitimate Microsoft 365 interfaces and captures both credentials and MFA tokens. Organizations using Microsoft 365 are targets of these active campaigns currently deployed in the wild.
Risk score
- cvss base
- 0.00
- kev bonus
- 0.00
- epss bonus
- 0.00
- poc bonus
- 0.00
- raw before weight
- 0.00
- industry weight
- 1.21
- freshness factor
- 1.00
- exploitability factor
- 1.00
- days old
- 0.00
- vendor mismatch penalty
- 0.00
Path: operational