Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks

Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft's Direct Send feature to form a "highly efficient attack pipeline" in recent phishing campaigns. "Axios user agent activity surged 241 from June to August 2025," ReliaQuest said.