Jalisco and OmegaLord phishing kits bypass Microsoft 365 MFA
Source headline: New phishing kits target Microsoft 365 accounts, evade MFA
Intelligence Summary
Two phishing kits, Jalisco and OmegaLord, are being used against Microsoft 365 accounts. The campaigns rely on techniques designed to defeat multi-factor authentication rather than simply tricking for passwords. If successful, attackers can gain access to email and other Microsoft 365 resources. The activity highlights how MFA alone may not fully protect users from modern social engineering flows. Microsoft 365 administrators and users should review account activity and follow phishing-resistant protection guidance, including stronger conditional access and verification controls.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.