Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials.
Positive Technologies, in a new analysis published last week, said it identified two different kinds of keylogger code written in JavaScript on the Outlook login page -

Those that save collected data to a local file



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/06/hackers-target-65-microsoft-exchange.html