In March 2026, our SOC caught a surge of anomalous Microsoft 365 logins across dozens of organizations simultaneously.
The source: a handful of IP addresses belonging to Railway.com, a developer PaaS platform most security teams have never had reason to think about.
The technique: device code phishing, where attackers generate a legitimate Microsoft authentication code and trick users into enterin...
