Microsoft Reports Phishing Campaign Targeting 35,000 Users Worldwide

Severity: Medium (Score: 51.9)

Sources: Thehackernews, Securityaffairs.Co

Summary

Microsoft disclosed a phishing campaign that has affected over 35,000 users across 26 countries. The attackers employed fake 'code of conduct' emails sent through legitimate platforms to deceive recipients into disclosing their login tokens. This campaign was revealed in mid-April 2026 and highlights the ongoing threat of phishing tactics in cybersecurity. The scope of the attack spans multiple countries, indicating a well-coordinated effort by the attackers. Microsoft has not specified the exact tools or vulnerabilities exploited in this campaign. Users are advised to remain vigilant against such phishing attempts. The current status of the campaign is active, with Microsoft actively monitoring the situation and providing updates. Key Points: • Over 35,000 users in 26 countries targeted by a phishing campaign. • Attackers used fake emails to steal login tokens from victims. • Microsoft disclosed the campaign in mid-April 2026.

Key Entities

• Phishing (attack_type)
• Microsoft (company)
• T1566.002 - Spearphishing Link (mitre_attack)
• T1566 - Phishing (mitre_attack)