security: Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

Microsoft Defender Research reported a large-scale credential theft campaign using code of conduct-themed phishing lures, multi-step delivery, and legitimate email services to send authenticated messages from attacker-controlled domains. The campaign led to adversary-in-the-middle (AiTM) token compromise.

• Source: Microsoft Security Blog