Phishing Gets Sneaky with DoH, While Microsoft Says Bye-Bye to Passwords

A newly discovered phishing-as-a-service operation, dubbed “Morphing Meerkat,” is employing advanced techniques such as DNS over HTTPS to evade detection. Active since at least 2020, this platform allows attackers with minimal technical knowledge to launch scalable phishing attacks. It can impersonate over 114 email providers, including major names like Gmail and Outlook, and has been sending out spam emails that prompt urgent actions. Half of the traced emails originate from internet services in the United Kingdom and the United States. Victims are lured into clicking malicious links that redirect them through a chain of compromised sites, ultimately leading to fake login pages tailored to their email domains. Once credentials are entered, they are exfiltrated to the attackers. Security experts recommend tightening DNS controls to mitigate risks associated with these types of phishing attacks, as noted by Infoblox.

Microsoft is transforming its sign-in process across platforms like Outlook, Xbox, and Microsoft 365 to support passwordless authentication methods, including passkeys, facial recognition, and fingerprint scans. This overhaul, which began rolling out in March 2025, aims to simplify and enhance user security for over three billion Microsoft users worldwide. The new system will eliminate the need for passwords during account creation, using a one-time security code instead. Additionally, users will have the option to choose between light and dark themes for a personalized experience. The changes are part of Microsoft’s broader effort to streamline the authentication user experience, making it more intuitive and secure.

The Pentagon has warned government officials regarding the messaging app Signal, stating that Russian hackers are targeting it. A department-wide email reported by NPR highlighted a vulnerability in Signal’s linked devices feature, which is being exploited to spy on encrypted conversations. This warning follows a significant security breach involving the Trump administration, where high-level officials inadvertently included a journalist in a group chat discussing military strikes in Yemen. The Pentagon had previously prohibited the use of mobile apps for sensitive information, emphasizing the need for caution in communications. As the situation develops, officials are urged to remain vigilant against phishing attempts that could compromise their accounts.

Why do we care?

I wanted to specifically highlight the threat to DoH, as well as the significant change to the way users may see login with Microsoft. MSPs should proactively assist clients in transitioning to passwordless environments. Educate users on the benefits and guide them through configuring new authentication methods, especially within Microsoft 365 environments. This change represents an opportunity to upsell security services related to identity management and user training.

As for Signal, of course it’s now a target.