devtake.dev — #phishingArticles tagged phishing on devtake.dev.https://devtake.dev/en-usScammers turned a Microsoft notification address into a spam relay. The emails pass SPF, DKIM, and DMARC.https://devtake.dev/article/microsoft-internal-account-spam-abuse/https://devtake.dev/article/microsoft-internal-account-spam-abuse/Spammers found a Tenant Name injection in Entra ID that pushes fraud text into Microsoft's own OTP emails. The from-line reads msonlineservicesteam@microsoftonline.com.Mon, 25 May 2026 12:00:00 GMTsecuritysecuritymicrosoftentra-idphishingdmarcspamhausemail-securitycredential-theftluca-reinhardt