Microsoft Threat Intelligence has issued a warning regarding a large-scale phishing campaign targeting the hospitality industry, attributed to a threat actor known as Storm-1865. The campaign exploits malicious OAuth applications masquerading as legitimate services, including Adobe and DocuSign, to compromise Microsoft 365 accounts. Attackers are utilizing fake security alerts and pop-ups to hijack accounts and facilitate business email compromise (BEC) schemes. The malicious apps leverage the trusted infrastructure of Microsoft 365, leading to credential harvesting and potential malware downloads. The ongoing attacks highlight the vulnerabilities within widely used platforms and the need for heightened security measures.