A Microsoft 365 phishing panel linked to the EvilTokens ecosystem shows how criminal operators are turning login abuse, token handling, and persistence into a reusable service.
A phishing kit tied to Microsoft 365 targeting shows how attackers can lean on legitimate cloud login flows, trusted collaboration branding, and edge-hosted delivery to turn identity into the attack surface.
A React-based phishing-as-a-service panel reportedly built for Microsoft 365 abuse points to a quieter threat: industrialized token handling, not just stolen passwords.