Security researchers have identified a new sophisticated phishing-as-a-service (PhaaS) operation named Forg365 that presents a significant threat to Microsoft 365 environments. This emerging service combines multiple advanced techniques in a single, affordable package available to cybercriminals through underground channels. The emergence of such comprehensive attack toolkits democratizes access to sophisticated attacks once reserved for highly skilled threat actors, potentially accelerating the volume and complexity of phishing campaigns worldwide.

Forg365 operates as a subscription-based service distributed through Telegram channels at $400 monthly or $3,800 annually, making advanced phishing capabilities accessible to a broader range of threat actors. The service specifically targets Microsoft 365 accounts by employing a multi-faceted approach that includes device code phishing and adversary-in-the-middle (AitM) tactics to steal user sessions. Particularly concerning is the platform's incorporation of antibot evasion mechanisms and AI-assisted lure creation, which enables more convincing and harder-to