Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
AI-Powered Forg365 Platform Targets Microsoft 365 Accounts

AI-Powered Forg365 Platform Targets Microsoft 365 Accounts

Posted on July 11, 2026 By CWS

The AI-powered Forg365 platform has emerged as a sophisticated phishing-as-a-service tool targeting Microsoft 365 accounts. By integrating AI-enhanced phishing strategies, session hijacking, and post-compromise mailbox access, Forg365 offers a comprehensive dashboard for cybercriminals.

Subscription-Based Phishing Operations

Forg365 is circulated via Telegram, enabling criminals to opt for a 30-day test period, a monthly subscription, or an annual commitment. This subscription model underscores the growing professionalism in phishing operations, as users can leverage pre-made templates, sending utilities, token storage, and AI-crafted phishing emails, eliminating the need for building phishing infrastructure from scratch.

Methods of Attack Utilized by Forg365

The platform predominantly employs two attack strategies: device-code phishing and adversary-in-the-middle (AiTM) phishing. Device-code attacks deceive victims into entering a code through an authentic Microsoft sign-in page, granting attackers access to sessions without needing the user’s password.

Conversely, AiTM phishing interposes a deceptive page between the victim and Microsoft’s authentication services, capturing session details, authentication tokens, and cookies post-login. This technique helps bypass traditional security measures focused on passwords.

Advanced Features and Techniques

Forg365 is equipped with anti-bot and cloaking techniques to bypass security scanners. It redirects traffic originating from VPNs to benign sites, thereby evading detection. The platform’s AI capabilities extend to generating convincing phishing emails and lures, facilitating the creation of business documents, invoices, and other deceptive messages.

The Forg365 dashboard also includes SMTP rotation, campaign scheduling, and templates that mimic services like SharePoint and Adobe Acrobat Sign. Its Token Vault feature stores captured tokens, while Account Intel aids in searching compromised mailboxes.

Security Implications and Recommendations

Research by ZeroBEC linked Forg365 activities to Microsoft Entra device-code events and unusual Microsoft Graph access. Some newly registered devices appeared with the prefix ‘Forg365,’ serving as potential detection indicators. Infrastructure related to these campaigns was traced to Kyiv, Ukraine, with some traffic originating from a Comcast/Xfinity IP address.

Forg365 highlights the increasing sophistication of identity-phishing services, akin to platforms like Kali365 and Sneaky FA. Organizations are advised to limit device-code authentication unless necessary and scrutinize Microsoft Entra logs for anomalies. Revoking sessions and refreshing tokens after a suspected compromise is crucial, as changing passwords alone may not suffice to block an attacker’s access.

Cyber Security News Tags:AI, AI phishing, AiTM phishing, Cybercrime, Cybersecurity, device-code attack, email security, Forg365, Microsoft 365, Microsoft Entra, Phishing, phishing-as-a-service, Security, session theft, token storage

Post navigation

Previous Post: CISA Reviews Cybersecurity Incident from AWS Credential Leak
Next Post: Security Issues Found in Popular Android VPN Apps

Related Posts

Microsoft Teams Set to Introduce Highly Anticipated Multitasking Functionality Microsoft Teams Set to Introduce Highly Anticipated Multitasking Functionality Cyber Security News
NarwhalRAT Malware Targets Korean Users via LNK Files NarwhalRAT Malware Targets Korean Users via LNK Files Cyber Security News
Cybersecurity News Weekly Newsletter – 29.7 Tbps DDoS Attack, Chrome 143, React2Shell Vulnerabilities and Cloudflare Outage Cybersecurity News Weekly Newsletter – 29.7 Tbps DDoS Attack, Chrome 143, React2Shell Vulnerabilities and Cloudflare Outage Cyber Security News
New AI Malware Era Begins as Advanced VoidLink Malware Emerges as the First Fully AI-Driven Threat Framework New AI Malware Era Begins as Advanced VoidLink Malware Emerges as the First Fully AI-Driven Threat Framework Cyber Security News
How to Stay Ahead of Vulnerabilities How to Stay Ahead of Vulnerabilities Cyber Security News
Mozilla Warns of Phishing Attacks Targeting Add-on Developers Account Mozilla Warns of Phishing Attacks Targeting Add-on Developers Account Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Security Issues Found in Popular Android VPN Apps
  • AI-Powered Forg365 Platform Targets Microsoft 365 Accounts
  • CISA Reviews Cybersecurity Incident from AWS Credential Leak
  • Dell BIOS Vulnerability Enables Quick Password Retrieval
  • FastNetMon Unveils Netomics for Enhanced Routing Control

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Security Issues Found in Popular Android VPN Apps
  • AI-Powered Forg365 Platform Targets Microsoft 365 Accounts
  • CISA Reviews Cybersecurity Incident from AWS Credential Leak
  • Dell BIOS Vulnerability Enables Quick Password Retrieval
  • FastNetMon Unveils Netomics for Enhanced Routing Control

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark