A new Phishing-as-a-Service (PaaS) tool called FlowerStorm has emerged, targeting Microsoft 365 credentials.FlowerStorm is speculated to be the successor of the defunct Rockstar2FA, which bypassed two-factor authentication.The majority of FlowerStorm victims are located in the United States, Canada, United Kingdom, Australia, and Italy.The service industry, including engineering, construction, real estate, and legal services, is the primary target of FlowerStorm.