New VENOM phishing attacks steal senior executives' Microsoft logins

April 9, 2026

What happened

It has been reported that a newly tracked phishing campaign, dubbed "VENOM," is targeting senior executives and successfully harvesting Microsoft account credentials. The attacks allegedly use highly tailored spear-phishing lures that direct victims to convincing fake Microsoft login pages, where credentials are captured. Security observers say the focus on executives makes this more than a nuisance — it’s a straight line to sensitive inboxes, corporate documents, and administrative controls.

Why this matters

Why aim for the C-suite? Because one compromised executive login can unlock payroll, M&A chatter, legal holds — real-world damage that ripples through organizations. Observers note this fits a worrying trend: attackers concentrating on high-value targets rather than spray-and-pray campaigns. When the attackers have legitimate-looking Microsoft tokens or session cookies, containment and clean-up become much harder, and the impact climbs quickly from "annoying" to "breach."

How to defend

Defenses are familiar but urgent: enforce phishing-resistant MFA (FIDO2 or certificate-based), tighten conditional access policies, limit admin privileges, and treat executive accounts as crown jewels with extra monitoring. User training still helps, but technology controls that make stolen credentials useless are the real game-changers. And yes — assume compromise: rapid detection, logging, and incident playbooks will determine whether a credential theft becomes a headline or a footnote.

Source: BleepingComputer