From bleepingcomputer.com
An Office 365 phishing campaign abused Google Ads to bypass secure email gateways (SEGs), redirecting employees of targeted organizations to phishing landing pages and stealing their Microsoft credentials.
The attackers behind these attacks took advantage of the fact that the domains used by Google’s Ads platform are overlooked by SEGs, which allows them to deliver their phishing messages to their targets’ inboxes bypassing email filters.