The VENOM PhaaS campaign targets Microsoft 365 and SharePoint by abusing legitimate Microsoft OAuth authentication flows — specifically adversary-in-the-middle proxying and device-code phishing — to steal session tokens and bypass push-notification and TOTP-based MFA. No CVE or patch applies; defense requires authentication architecture changes including phishing-resistant MFA (FIDO2), disabling the OAuth device authorization grant flow where not operationally required, and enforcing Conditional Access policies requiring managed devices for C-suite accounts. Organizations relying solely on standard MFA for executive accounts should treat this as an active gap.
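As an added example (not part of the original advisory), the following Python builds the Conditional Access policy body that blocks the OAuth device code flow and scans constructed Entra sign-in records for the two patterns above; the Microsoft Graph field names used (`authenticationFlows.transferMethods`, `authenticationProtocol`, `deviceDetail.isManaged`, `conditionalAccessStatus`) and the `EXEC_ACCOUNTS` set are assumptions to verify against your tenant.

```python
"""Added example, not from the original advisory: a Graph Conditional Access
policy body that blocks the device code flow, plus a scan of sign-in records
for VENOM-style sign-ins. Field names follow the Graph signIn and
conditionalAccessPolicy schemas as assumed here; verify against current docs."""
from typing import Iterable

# Constructed (hypothetical) set of executive UPNs held to the stricter policy.
EXEC_ACCOUNTS = {"cfo@example.com", "ceo@example.com"}

def device_code_block_policy(group_ids: list[str]) -> dict:
    """Conditional Access policy body that blocks the OAuth device code flow for
    the given group object IDs. Report-only state lets you measure impact before
    enforcing; switch to 'enabled' once legitimate uses are confirmed absent."""
    return {
        "displayName": "Block device code flow (executives)",
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeGroups": group_ids},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["all"],
            "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }

def flag_risky_signins(records: Iterable[dict]) -> list[tuple[str, str]]:
    """Return (upn, reason) for sign-ins worth triage: any device code flow
    sign-in, or an executive sign-in that succeeded from an unmanaged device
    (the AiTM session-replay case that push/TOTP MFA does not stop)."""
    findings = []
    for r in records:
        upn = r.get("userPrincipalName", "")
        managed = r.get("deviceDetail", {}).get("isManaged", False)
        if r.get("authenticationProtocol") == "deviceCode":
            findings.append((upn, "device code flow sign-in"))
        elif (upn in EXEC_ACCOUNTS and not managed
              and r.get("conditionalAccessStatus") == "success"):
            findings.append((upn, "executive sign-in from unmanaged device"))
    return findings

# Constructed sample sign-in records (not real log data).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "cfo@example.com", "authenticationProtocol": "deviceCode",
     "deviceDetail": {"isManaged": False}, "conditionalAccessStatus": "success"},
    {"userPrincipalName": "ceo@example.com", "authenticationProtocol": "oAuth2",
     "deviceDetail": {"isManaged": False}, "conditionalAccessStatus": "success"},
    {"userPrincipalName": "dev@example.com", "authenticationProtocol": "oAuth2",
     "deviceDetail": {"isManaged": True}, "conditionalAccessStatus": "success"},
]
```

Running `flag_risky_signins(SAMPLE_SIGNINS)` flags the CFO's device-code sign-in and the CEO's unmanaged-device sign-in while leaving the managed developer sign-in alone; POST the policy body to the Graph `conditionalAccess/policies` endpoint only after reviewing report-only results.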