Three active Microsoft 365 phishing campaigns just had their infrastructure exposed — not by defenders, but by an attacker's own operational mistake.