
A new phishing campaign uses corrupted Microsoft Word documents to compromise user credentials. Researchers from Trustwave have linked this sophisticated attack to a phishing-as-a-service platform named Rockstar 2FA, an updated version of the previously known DadSec/Phoenix kit that Microsoft tracks as Storm-1575. The campaign is characterized by its ability to evade traditional security measures, exploiting vulnerabilities in Word files to facilitate adversary-in-the-middle attacks aimed at stealing Microsoft 365 credentials. It highlights ongoing challenges in cybersecurity, as attackers continue to develop innovative methods to bypass defenses.
Microsoft 365 credentials stolen via adversary-in-the-middle campaign https://t.co/uMICjcQqKz
How Attackers Use Corrupted Files to Slip Past Security https://t.co/LYcTiKMh6u
.@Trustwave researchers tied the campaign to a phishing-as-a-service platform called Rockstar 2FA — an updated version of the DadSec/Phoenix kit that @Microsoft tracks as Storm-1575. #cybersecurity #infosec #ITsecurity https://t.co/uqWQnufIHW