Hackers are exploiting Microsoft’s legacy ADFS identity solution in a phishing campaign, targeting organizations worldwide with highly convincing emails and spoofed login pages. The campaign, particularly successful against the education sector, highlights the need for organizations to transition to modern identity platforms and adopt multi-layered cyber defense strategies.