Device Code Phishing Surges 1,380% — MFA Won't Save You
Device code phishing attacks jumped 1,380% in early 2026. EvilTokens and 17 other PhaaS kits now offer turnkey identity theft that bypasses MFA and passkeys.
12 articles tagged with "Mfa Bypass"
Device code phishing attacks jumped 1,380% in early 2026. EvilTokens and 17 other PhaaS kits now offer turnkey identity theft that bypasses MFA and passkeys.
Attackers exploited deprecated OAuth ROPC flow to bypass MFA, compromising 78 accounts across 64 organizations. Attack originated from Hong Kong and China infrastructure.
Netcraft identifies 70 new Bluekit hostnames as the phishing-as-a-service platform adopts real-time session hijacking that defeats all forms of traditional MFA.
CVE-2024-12802 lets attackers bypass MFA on SonicWall Gen6 VPNs even after patching. Ransomware operators actively exploiting incomplete fixes. Gen6 reached EOL April 16.
New phishing-as-a-service platform bypasses MFA via OAuth device code flow. FBI PSA details how Kali365's AI-generated lures and $250/month pricing are enabling widespread credential theft.
AI-enabled device code phishing campaigns hit hundreds of Microsoft 365 accounts daily since mid-March. Criminal toolkits proliferate as attacks bypass MFA at scale.
EvilTokens phishing platform targets Microsoft 365 identities across US, Canada, Australia, New Zealand, and Germany. OAuth abuse bypasses MFA to steal access tokens.
Global coalition seizes 330 domains powering Tycoon 2FA, a phishing-as-a-service platform that bypassed MFA to compromise 96,000 victims across 500,000 organizations.
Flare research finds enterprise identity compromise doubled in 2025, with Microsoft Entra ID appearing in 79% of logs. Session cookies enable MFA bypass at scale.
Extortion group confirms voice phishing attacks stealing SSO credentials from Crunchbase, Betterment, and more. Custom phishing kits enable real-time MFA bypass.
Critical authentication bug in popular scheduling platform reduces multi-factor auth to single-factor. Patch available in version 6.0.7.
Threat actors spoof organization domains by abusing complex mail routing and weak DMARC policies. Microsoft blocked 13 million malicious emails in October alone.