Misconfigured Server Exposes Evilginx Phishing Operations Targeting Microsoft 365

Misconfigured Server Exposes Evilginx Phishing Operations Targeting Microsoft 365

First seen 13 Jul 2026, 13:28 UTC GbhackersThehackernews 72% similarity 64.5

Article Content

Browse articles
ThreatCluster

A misconfigured server in Budapest has exposed a phishing operation targeting Microsoft 365 users. The server was running a Python HTTP server with directory listing enabled, allowing access to phishing configurations and credential logs. Researchers identified three separate Evilginx operations leveraging this setup to bypass multi-factor authentication and steal OAuth tokens. The exposed server's IP address was 185.163.204. The incident highlights vulnerabilities in Microsoft 365's security measures. Currently, there are no specific CVEs reported, but the phishing campaigns are ongoing. Security professionals are urged to review their defenses against such tactics. The scope of impact includes any organization using Microsoft 365 that could fall victim to these phishing attempts.

Key Points: • A misconfigured server in Budapest exposed live phishing operations targeting Microsoft 365. • Three distinct Evilginx phishing campaigns were identified, bypassing multi-factor authentication. • Organizations using Microsoft 365 are at risk due to these ongoing phishing operations.

ThreatCluster AI

Timeline

2026-07-13
Misconfigured server discovered
A server in Budapest was found exposing phishing configurations and credential logs for Microsoft 365 users.
Gbhackers
2026-07-13
Three Evilginx operations revealed
Researchers uncovered three separate phishing operations targeting Microsoft 365, exploiting the exposed server.
Thehackernews

Community

Browse all →