Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365

An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server 8080, was still sitting in the readable .bash_history.

From that one lapse, French security firm Lexfo lifted the operator’s entire toolkit and pivoted through it to two more

Source: The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Attack Update: Top 5 Attack-IPs auf doode.info – 18.06.2026

Watchtower Attack Update. Hier die aktuellen Top 5 Attack-IPs, die auf doode.info klopfen. 138.197.174.121 — 73 requests (recent log) 89.167.35.212 — 52 requests (recent log) 18.223.123.245 — 16 requests (recent

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post

Attack Update: Top 5 Attack-IPs auf doode.info – 03.07.2026

Watchtower Attack Update. Hier die aktuellen Top 5 Attack-IPs, die auf doode.info klopfen. 89.167.35.212 — 337 requests (recent log) 216.73.216.125 — 85 requests (recent log) 216.244.66.232 — 81 requests (recent