HIGH

VENOM Phishing-as-a-Service Platform Targets C-Suite Executives' Microsoft Credentials

Tags: phishing · microsoft · iam

A previously undocumented phishing-as-a-service platform called VENOM is being used to target C-suite executives across multiple industries, specifically harvesting Microsoft account credentials. The platform provides attackers with ready-made infrastructure and templates for high-volume, high-precision executive credential theft campaigns.

Compromising a senior executive's account gives an attacker access to approval workflows, sensitive M&A communications, and privileged internal systems, enabling business email compromise, financial fraud, and lateral movement. Organizations should enforce phishing-resistant MFA (FIDO2 security keys or passkeys) on all executive accounts, preferably through a Conditional Access authentication-strength control rather than a generic "require MFA" grant, since the generic control still accepts push and OTP methods that a credential-phishing page can relay. A second Conditional Access policy should restrict executive sign-ins to managed, compliant devices. For detection, monitor Microsoft Entra ID sign-in logs for anomalous authentication patterns: successful sign-ins from unmanaged or non-compliant devices, sign-ins from locations the user has never used, and successful authentications that did not use a phishing-resistant method.
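The detection checks recommended above, as an added example that is not part of the original post or of any Microsoft tooling. It triages exported Entra ID sign-in records shaped like the Microsoft Graph `signIn` resource (`userPrincipalName`, `ipAddress`, `location`, `deviceDetail`, `conditionalAccessStatus`, `authenticationDetails`); the executive list, per-user country baseline, the set of method names treated as phishing-resistant, and the sample records themselves are all constructed for this example and are assumptions, not real telemetry.

```python
"""Triage Entra ID sign-in records for executive accounts.

Added example, not code from the original post. Record fields follow the
Microsoft Graph `signIn` resource; the sample data below is constructed.
"""
from dataclasses import dataclass

# Assumption: these strings match the method names Entra ID reports in
# authenticationDetails[].authenticationMethod for phishing-resistant factors.
PHISHING_RESISTANT = {
    "FIDO2 security key",
    "Windows Hello for Business",
    "Certificate-based authentication",
}


@dataclass(frozen=True)
class Finding:
    upn: str
    reason: str
    ip: str


def triage_signins(records, executives, baseline_countries):
    """Return one Finding per policy gap or anomaly in executive sign-ins.

    records:            list of signIn-shaped dicts
    executives:         set of lower-cased UPNs to scrutinise
    baseline_countries: {upn: set of countries the user normally signs in from}
    """
    findings = []
    for r in records:
        upn = r.get("userPrincipalName", "").lower()
        if upn not in executives:
            continue
        # Only successful sign-ins matter here; failures are handled elsewhere.
        if r.get("status", {}).get("errorCode", 0) != 0:
            continue
        ip = r.get("ipAddress", "")
        dev = r.get("deviceDetail", {})
        if not (dev.get("isCompliant") and dev.get("isManaged")):
            findings.append(Finding(upn, "success from unmanaged or non-compliant device", ip))
        ca = r.get("conditionalAccessStatus")
        if ca != "success":
            findings.append(Finding(upn, f"conditional access status {ca}", ip))
        methods = {
            d.get("authenticationMethod")
            for d in r.get("authenticationDetails", [])
            if d.get("succeeded")
        }
        if not methods & PHISHING_RESISTANT:
            findings.append(Finding(upn, "no phishing-resistant method used", ip))
        country = r.get("location", {}).get("countryOrRegion")
        if country and country not in baseline_countries.get(upn, set()):
            findings.append(Finding(upn, f"sign-in from new country {country}", ip))
    return findings


# Constructed sample input (not real log data).
EXECUTIVES = {"ceo@corp.example", "cfo@corp.example"}
BASELINE = {"ceo@corp.example": {"US"}, "cfo@corp.example": {"US"}}
SAMPLE_SIGNINS = [
    {   # Healthy: managed device, CA applied, FIDO2 key, usual country.
        "userPrincipalName": "cfo@corp.example", "ipAddress": "203.0.113.10",
        "status": {"errorCode": 0}, "conditionalAccessStatus": "success",
        "deviceDetail": {"isCompliant": True, "isManaged": True},
        "authenticationDetails": [{"authenticationMethod": "FIDO2 security key", "succeeded": True}],
        "location": {"countryOrRegion": "US"},
    },
    {   # Suspicious: unmanaged device, no CA policy hit, password + push, new country.
        "userPrincipalName": "CEO@corp.example", "ipAddress": "198.51.100.7",
        "status": {"errorCode": 0}, "conditionalAccessStatus": "notApplied",
        "deviceDetail": {"isCompliant": False, "isManaged": False},
        "authenticationDetails": [
            {"authenticationMethod": "Password", "succeeded": True},
            {"authenticationMethod": "Mobile app notification", "succeeded": True},
        ],
        "location": {"countryOrRegion": "NL"},
    },
    {   # Non-executive: ignored by this triage.
        "userPrincipalName": "analyst@corp.example", "ipAddress": "198.51.100.8",
        "status": {"errorCode": 0}, "conditionalAccessStatus": "notApplied",
        "deviceDetail": {"isCompliant": False, "isManaged": False},
        "authenticationDetails": [], "location": {"countryOrRegion": "BR"},
    },
    {   # Failed executive sign-in (wrong password): skipped here.
        "userPrincipalName": "cfo@corp.example", "ipAddress": "198.51.100.9",
        "status": {"errorCode": 50126}, "conditionalAccessStatus": "notApplied",
        "deviceDetail": {"isCompliant": False, "isManaged": False},
        "authenticationDetails": [], "location": {"countryOrRegion": "RU"},
    },
]


def run_sample():
    return triage_signins(SAMPLE_SIGNINS, EXECUTIVES, BASELINE)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.upn}  {f.ip}  {f.reason}")
```

Each check maps to one of the controls recommended above, so a finding of "conditional access status notApplied" or "no phishing-resistant method used" on an executive account is a policy gap to close, not just an alert to investigate. Swap the constructed records for a real export (the Graph `auditLogs/signIns` endpoint returns the same field names) and feed the baseline from a few weeks of known-good history.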