A new, sophisticated phishing campaign is exploiting Microsoft’s own infrastructure—Active Directory Federation Services (ADFS) and trusted office.com redirects—to harvest Microsoft 365 credentials. Malicious actors deploy malvertising, leading users from legitimate ads (e.g. for “Office 365”) through trusted Microsoft domains like outlook.office.com, before redirecting them to attacker-controlled phishing sites. By leveraging ADFS configurations within a valid Microsoft tenant, these redirects appear authentic to both users and security filters, enabling credential theft and even bypassing MFA protections. Security researchers urge organizations to closely monitor ADFS redirect chains, analyze Google ad parameters directing to office.com, and deploy enterprise-wide ad blockers as part of effective risk mitigation.
Sources: Bleeping Computer, Computing.co.uk, Cyber Security News
Key Takeaways
– The attack, dubbed “ADFSjacking,” abuses Microsoft’s ADFS infrastructure and valid redirects to pass phishing pages off as authentic, thereby evading standard security tools.
– Conditional loading and intermediary domains (like faux travel blogs) further mask the redirection chain, returning non-target users to legitimate sites.
– Mitigation measures include monitoring for unusual ADFS redirects, inspecting Google ad traffic parameters for office.com, and deploying ad blockers and behavioral detection systems.
In-Depth
In a troubling escalation of cyber threats, attackers are now weaponizing Microsoft’s own identity infrastructure to steal user credentials without drawing suspicion. Known as “ADFSjacking,” this strategy harnesses Active Directory Federation Services (ADFS) and trusted office.com redirects to construct a near-perfect phishing environment.
Users who click seemingly legitimate ads for Office 365 are routed through outlook.office.com, which gives the impression that everything is safe, before being sent to cleverly masked credential-stealing pages. These redirects are made possible through attacker-controlled Microsoft tenants that orchestrate the redirection flow, manipulating ADFS to appear benign to security systems and users alike.
The sophistication is further evidenced by conditional loading: only the intended victim sees the phishing page, while others are harmlessly bounced back to the real Microsoft site. This stealth approach also taps into reverse-proxy techniques and token theft to sidestep multi-factor authentication.
Organizations must recalibrate their defenses accordingly: look for ADFS redirect chains targeting unknown domains, inspect Google ad-to-office.com traffic for suspicious parameters, enforce enterprise ad-blocking measures, and shift toward behavior-based detection tools that identify anomalies rather than relying solely on URL filtering. In the game of phishing, leveraging the trust of infrastructure yields powerful rewards for attackers—but informed vigilance can still level the playing field.
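One way to run the check described above over web-proxy logs, as an added example that is not from the original article or its sources: it flags sessions that land on an office.com host with Google Ads click parameters and are then redirected to a host outside an allowlist. The log format, the parameter set, the allowlist and all hostnames are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

AD_PARAMS = {"gclid", "gad_source"}  # Google Ads click parameters (assumed set)
# Assumed allowlist: Microsoft sign-in domains plus the organisation's own ADFS host.
TRUSTED = ("office.com", "microsoftonline.com", "microsoft.com", "adfs.corp.example")

# Constructed proxy log: client<TAB>requested URL<TAB>redirect Location or "-".
SAMPLE_LOG = [
    "10.0.0.5\thttps://outlook.office.com/mail/?gclid=CONSTRUCTED1\thttps://login.microsoftonline.com/",
    "10.0.0.5\thttps://login.microsoftonline.com/\thttps://sts.travel-blog.example/adfs/ls/",
    "10.0.0.9\thttps://outlook.office.com/mail/?gclid=CONSTRUCTED2\thttps://login.microsoftonline.com/",
    "10.0.0.9\thttps://login.microsoftonline.com/\thttps://adfs.corp.example/adfs/ls/",
    "10.0.0.9\thttps://adfs.corp.example/adfs/ls/\t-",
    "10.0.0.7\thttps://outlook.office.com/mail/\thttps://login.microsoftonline.com/",
]

def host_trusted(host):
    host = (host or "").lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED)

def is_ad_landing(url):
    """True for a request to an office.com host carrying Google Ads click parameters."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    on_office = host == "office.com" or host.endswith(".office.com")
    return on_office and bool(AD_PARAMS & set(parse_qs(parts.query)))

def find_suspect_chains(log_lines):
    """Return (client, ad_landing_url, untrusted_target) for each flagged chain."""
    armed, hits = {}, []  # armed: client -> ad landing URL that started the chain
    for line in log_lines:
        client, url, location = line.rstrip("\n").split("\t")
        if is_ad_landing(url):
            armed[client] = url
        if client not in armed:
            continue
        if location == "-":
            del armed[client]  # chain ended on a non-redirect response
        elif not host_trusted(urlsplit(location).hostname):
            hits.append((client, armed.pop(client), location))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_chains(SAMPLE_LOG):
        print("ad-sourced office.com chain left the allowlist:", hit)
```

The check only follows HTTP redirects recorded by the proxy; a chain that hops via script on a rendered page needs browser or endpoint telemetry instead.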
