9 articles tagged with "Mfa Bypass"
CVE-2024-12802 lets attackers bypass MFA on SonicWall Gen6 VPNs even after patching. Ransomware operators actively exploiting incomplete fixes. Gen6 reached EOL April 16.
New phishing-as-a-service platform bypasses MFA via OAuth device code flow. FBI PSA details how Kali365's AI-generated lures and $250/month pricing are enabling widespread credential theft.
AI-enabled device code phishing campaigns hit hundreds of Microsoft 365 accounts daily since mid-March. Criminal toolkits proliferate as attacks bypass MFA at scale.
EvilTokens phishing platform targets Microsoft 365 identities across US, Canada, Australia, New Zealand, and Germany. OAuth abuse bypasses MFA to steal access tokens.
Global coalition seizes 330 domains powering Tycoon 2FA, a phishing-as-a-service platform that bypassed MFA to compromise 96,000 victims across 500,000 organizations.
Flare research finds enterprise identity compromise doubled in 2025, with Microsoft Entra ID appearing in 79% of logs. Session cookies enable MFA bypass at scale.
Extortion group confirms voice phishing attacks stealing SSO credentials from Crunchbase, Betterment, and more. Custom phishing kits enable real-time MFA bypass.
Critical authentication bug in popular scheduling platform reduces multi-factor auth to single-factor. Patch available in version 6.0.7.
Threat actors spoof organization domains by abusing complex mail routing and weak DMARC policies. Microsoft blocked 13 million malicious emails in October alone.