(Pierluigi Paganini – Security Affairs) Microsoft disclosed a major phishing campaign that targeted over 35,000 users across 26 countries in mid-April 2026. Attackers used fake “code of conduct” emails sent through legitimate platforms to trick recipients into visiting bogus sites that stole authentication tokens. “The campaign targeted tens of thousands of users, primarily in the United States, and directed them through several stages of CAPTCHA and intermediate staging pages designed to reinforce legitimacy while filtering out automated defenses,” reads the report published by Microsoft. “The lures in this campaign used polished, enterprise-style HTML templates with structured layouts and preemptive authenticity statements, making them appear more credible than typical phishing emails and increasing their plausibility as legitimate internal communications.” Most victims (92%) were in the U.S., mainly in healthcare and finance. – Microsoft warns of global campaign stealing auth tokens from 35K users



