Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials

Jun 26, 2026 - 12:30

Mirage2FA, a phishing kit that combines short-lived HTML smuggling with obfuscated JavaScript loaders to deliver fake Microsoft 365 login pages and steal credentials during MFA prompts, has been identified by researchers at Fortra. Fortra based its analysis on a suspicious HTML and JavaScript attachment delivered by email, supporting DNS data, and the second-stage phishing page. Researchers said the campaign relied on business-themed lures, including secure documents, remittance services, automated billing, and payment requests. Opening the … More →

The post Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials appeared first on Help Net Security.

USDT gets a Brazil payment route to...

Crypto’s RWA boom finds retail demand...

Strategy’s Bitcoin bet sinks $12 billion...

What Are XRP’s Most Important Levels...

Metaplanet Stock Down 88% in a Year...

The White House is asking OpenAI to...

Patronus AI lands $50M to build ‘digital...

Anthropic’s Claude is winning over paid...

Databricks’ former AI chief thinks he...

General Intuition’s $2.3B bet that video...

Synology issues critical fix for MailPlus...

Critical open-source projects get a...

Microsoft Warns of Photo ZIP Phishing...

Miasma Malware Targets npm Packages...

SIM-swapping gang busted in international...

Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials

Ransomware gangs find Europe’s weakest link in third-party suppliers

Mystery hackers use novel SharkLoader dropper against governments, software devs

New macOS malware embeds fake errors to confuse AI a...

Local Police Collusion Hampers Crackdown on Asian Sc...

Two CEOs on why security and AI readiness belong tog...

Synology issues critical fix for MailPlus Server vul...

Modelplane: Open-source control plane for AI inference

Critical open-source projects get a new security fra...

Popular Posts

Day Zero Readiness: The Operational Gaps That Break Incident...

With Complex Cloud Integrations, Small Errors Lead to Major...

Printr Launches V2 Platform Update With Five Fee Models...

Google DeepMind is worried about what happens when millions...

Onramp Raises $12.5M Series A to Scale Multi-Institution...

Recommended Posts

Prediction Market Kalshi Eyes IPO as Revenue Hits $2 Billion ...

Health App Users Receiving $59,500,000 Payout in Settlement...

Billionaire Ambani wants AI in every call, app, and home...

Patronus AI lands $50M to build ‘digital worlds’ that stress-test...

UK bond fund ownership records move onto Ethereum and Solana...

Polymarket to Refund Users After Hackers Steal $3M in Frontend...

USDT gets a Brazil payment route to...

Crypto’s RWA boom finds retail demand...

Strategy’s Bitcoin bet sinks $12 billion...

What Are XRP’s Most Important Levels...

Metaplanet Stock Down 88% in a Year...

The White House is asking OpenAI to...

Patronus AI lands $50M to build ‘digital...

Anthropic’s Claude is winning over paid...

Databricks’ former AI chief thinks he...

General Intuition’s $2.3B bet that video...

Synology issues critical fix for MailPlus...

Critical open-source projects get a...

Microsoft Warns of Photo ZIP Phishing...

Miasma Malware Targets npm Packages...

SIM-swapping gang busted in international...

Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials

Related Posts

Popular Posts

Recommended Posts