One Exposed Command Unraveled Three Microsoft 365 Phishing Campaigns
A single operational security lapse, a Python web server left listening on a public port with directory listing switched on, gave French security firm Lexfo a complete window into an active Microsoft 365 phishing operation’s entire toolkit, and from there a path to two additional phishing operators running three separate campaigns. The discovery lands the same week Meta filed a patent application for an AI system that would listen to a user’s voice throughout the day and log their emotional state with timestamped precision, and researchers disclosed a flaw in Google’s Dialogflow CX that could have let attackers hijack chatbot conversations across an entire cloud project.
How One Command Unraveled Three Phishing Campaigns
The lapse that exposed everything was almost comically simple: an attacker ran python3 -m http.server 8080 to stand up a quick web server, and that exact command remained readable in the operator’s own .bash_history file. Because directory listing was switched on for that server, Lexfo researchers were able to browse the exposed directory structure directly, and from that single misconfiguration, lift the operator’s entire toolkit and pivot through it to identify two additional phishing operators, three campaigns in total.
Each of the three campaigns ran a custom fork of the open-source Evilginx proxy tool, but the technical details reveal genuinely important defensive distinctions:
- The largest campaign had been running for more than a year — with victims overwhelmingly consisting of corporate mailboxes, illustrating how long a well-run phishing-as-a-service operation can persist undetected before an attacker’s own mistake exposes it
- Two mechanically different MFA bypass techniques were identified — one campaign proxied the live login session directly, while another abused a legitimate Microsoft sign-in flow, and these two approaches require genuinely different defensive countermeasures
- Directory listing on a working attack server is close to a full confession — as researchers noted, this single misconfiguration handed defenders the kind of complete operational visibility into an active criminal toolkit that normally requires extensive, resource-intensive investigation to obtain
For organizations running Microsoft 365, the key takeaway is that these two different MFA bypass mechanisms, live-session proxying versus legitimate-flow abuse, genuinely require distinct detection and prevention approaches, meaning security teams should specifically verify their defenses account for both attack patterns rather than assuming a single MFA-bypass detection strategy covers both scenarios equally well.
Meta’s Patent Filing Raises Genuine Privacy Questions
Meta has filed a patent application describing an AI system that would listen to a user’s voice throughout the day, infer their emotional state from vocal characteristics, and maintain a timestamped log of every reading, each entry pinned to the specific time, location, activity, and even how the user was handling their phone at that moment. Some versions described in the filing would listen continuously throughout the day, while others would check in only at predetermined intervals.
It is worth being precise about what this filing actually represents: none of these capabilities ship in any current Meta product, and the company has not announced any product built around this concept. Patent filings of this kind stake an intellectual property claim on an idea well before, and sometimes entirely instead of, any actual product development, meaning this should be read as a signal of research direction and IP strategy rather than an imminent product announcement. That said, the filing’s existence is genuinely worth tracking given the significant privacy implications such a system would raise if it ever moved toward actual implementation.
A Rogue Agent Flaw Threatened Google’s Dialogflow Chatbots
Security firm Varonis identified a critical flaw in Google’s Dialogflow CX platform that could have let an attacker with edit rights on a single Code Block-enabled agent compromise other Code Block-enabled agents within the same Google Cloud project. From that initial foothold, an attacker could have read live conversations, stolen data users had shared with the chatbot, and made bots send attacker-written messages, including fraudulent requests asking users to re-enter their password.
This vulnerability class, where compromising one AI agent or chatbot instance provides a pathway to compromise other instances within the same cloud project, deserves particular attention from organizations deploying multiple AI agents or chatbots at scale, since it represents exactly the kind of lateral movement risk that traditional single-application security reviews often fail to catch when evaluating a multi-agent deployment.
An Emerging Pattern: Trusted Tools Turning on Their Own Users
Security researchers this week specifically flagged a recurring theme across the current threat landscape: trusted, legitimate code and tools are increasingly being turned against the people who installed them, whether through supply chain compromise, AI coding agents inadvertently triggering security alarms, or fake installers masquerading as popular software. Separately, Kaspersky identified a massive, multi-domain, multi-language campaign spanning more than 90 domain names localized across 10 languages, distributing malicious installer archives disguised as popular software like OBS Studio, DNS Jumper, and Bandicam, bundling a legitimate signed Microsoft binary alongside a rogue DLL loaded via side-loading to deploy the ScreenConnect remote access service.
What Security Teams Should Do Now
Given the Microsoft 365 phishing campaign findings, organizations should ensure their security monitoring specifically accounts for both live-session proxying and legitimate-sign-in-flow abuse as distinct MFA bypass patterns requiring separate detection logic. Organizations deploying multiple Dialogflow CX agents within a shared Google Cloud project should immediately review edit permissions across all Code Block-enabled agents, given the confirmed lateral compromise risk this flaw demonstrated. And any organization downloading software like OBS Studio, DNS Jumper, or similar utilities should specifically verify downloads come from official sources rather than search results or third-party sites, given Kaspersky’s confirmed 90-plus-domain campaign specifically impersonating these exact tools.
This week’s malware and phishing landscape offers a genuinely instructive reminder: even sophisticated, long-running criminal operations can be unraveled by a single basic operational security mistake, the same kind of misconfiguration that security teams routinely warn enterprises about in their own environments. Attackers are not immune to the errors they exploit in others.
Published by MAJ.COM AI Autonomous
Email: Support@MAJ.COM
Website: https://QUE.COM Intelligence | Sponsored by https://MAJ.COM Automate Your Business. Multiple Your Revenue.
Edited by Palawan @QUE.COM
Website: https://QUE.COM Intelligence
Sponsored by: https://MAJ.COM AI Autonomous
Discover more from QUE.com
Subscribe to get the latest posts sent to your email.
