Tag: mfa bypass
131 articles

EvilTokens Phishing Kit Exposes Sophisticated Evasion Tactics
Microsoft VP of security research Tanmay Ganacharya revealed that 10-15 distinct EvilTokens phishing campaigns have been launching daily since March 15, 2026, showcasing the alarming speed at which device-code phishing operations have scaled. This comes as Cisco Talos incident responders uncovered a targeted phishing chain that abused a real vendor relationship using an outstanding-invoice lure.

Phishing Kit Unveils Sophisticated BEC-as-a-Service Capabilities
Meet ARToken, a sophisticated phishing kit that's redefining the threat landscape with its Business Email Compromise (BEC)-as-a-Service capabilities, allowing attackers to launch highly targeted and convincing scams. This advanced platform is a game-changer, offering a complete BEC operations environment that's far more complex than your average phishing kit.

Hackers Exploit Microsoft 365 Flaws with 81 Million Login Attempts
In just two weeks, a massive password-spraying campaign racked up over 81 million login attempts, compromising 78 Microsoft 365 accounts across 64 organizations and highlighting a dramatic surge in cyber threats. This alarming trend saw a 155-fold increase in attacks, with organizations now facing an average of 1,964 failed login attempts per month.

Nissan Discloses Oracle PeopleSoft Breach Exposing Payroll Records
Nissan has alerted the California Attorney General to a potential data breach, revealing that a cyber attack on Oracle PeopleSoft systems may have exposed sensitive payroll records of hundreds of companies, including Nissan, from May 27 to June 9. The automaker believes it was specifically targeted in the attack, which may have compromised a range of personnel data.

FBI Warns of Russian Intelligence Signal Phishing Attacks
Stay vigilant: Russian intelligence agents are masquerading as automated support accounts to trick victims into revealing sensitive Backup Recovery Keys through phishing messages. The FBI has warned that multiple clusters of Russian hackers, including FSB officers and military hackers, are actively targeting high-risk accounts.

Russia Targets Messaging Credentials with Fake Support Texts
Beware of fake support texts that could compromise your personal data and sensitive information! A joint investigation by the Security Service of Ukraine and the FBI uncovered a systematic campaign to steal messaging platform credentials from government officials, military personnel, and activists worldwide.

FBI Warns of Russian Hackers Targeting Signal Backup Keys
Stay vigilant, as Russian hackers are now targeting Signal backup keys in an evolved phishing campaign, attempting to gain access to your historical message backups by tricking you into revealing these sensitive keys. Be cautious of messages masquerading as automated support accounts, as they may be part of this sinister plot.

FBI Warns of Russian Hackers Targeting Signal with Recovery Key Phishing
Beware of scammers posing as Signal support - the FBI and CISA warn that Russian hackers are using recovery key phishing to target users, so treat any in-app message from Signal support with extreme caution. Stay safe by being vigilant about unexpected messages.

Massive Passport Leak Exposes Sensitive Traveler Data
A staggering leak of almost a million passport records from around the world has put sensitive traveler data at risk. The breach, linked to a low-security ID verification system for cannabis dispensaries, exposed passports as a vulnerable weak point in authentication processes.

Threat Actors Exploit OpenAI Invitations to Target Cybersecurity Firms
Threat actors are cleverly exploiting OpenAI invitations to scam cybersecurity firms, creating fake tenants that mimic legitimate companies and sending convincing emails that pass authentication checks. These targeted phishing attacks allow scammers to spread malicious content through a trusted channel.

Fraud Prevention Strategies Target Multiple Elevation Levels
Fraudsters are constantly evolving, and a single-layer defense just won't cut it - that's why IPQS advocates for a layered approach to fraud prevention, because what may seem like a secure transaction to you might be just the tip of the iceberg to a sophisticated scammer. By monitoring at multiple levels, you can stay one step ahead of even the most cunning attackers.

Social Engineering Attacks Target Service Desks
Service desks have become a prime target for cyber attackers, who often find it easier to manipulate staff into divulging sensitive information than to crack the technology itself. In a string of recent incidents, hackers have successfully impersonated employees to gain access to internal systems, as seen in the 2025 UK attacks on major retailers like Marks & Spencer, Co-op, and Harrods.

Mistic Backdoor Enables Long-Term Access in Ransomware Attacks
Cyber attackers have deployed a sneaky backdoor called Mistic, allowing them to maintain long-term access to infected systems during ransomware attacks, all while staying remarkably under the radar. This stealthy threat uses clever tactics like running payloads in memory and mimicking legitimate Microsoft security tools to evade detection.

Dify Vulnerabilities Expose AI Chats Across Tenants
Researchers have uncovered four critical vulnerabilities in Dify, a popular AI platform with over 146,000 GitHub stars, that could allow attackers to read sensitive AI conversations across different customer applications without needing authentication. These flaws, collectively known as DifyTap, expose a broad attack surface due to Dify's default multi-tenant setup.

FortiBleed Campaign Exposes 80K Targets Worldwide
A massive cybersecurity threat, dubbed FortiBleed, has exposed over 80,000 Fortinet FortiGate devices worldwide, with alarming ease, by exploiting weak passwords and reused credentials. The US Cybersecurity agency is urging affected customers to secure their appliances immediately to prevent a potential breach.

NCSC Warns Fortinet Customers of Credential Theft Fallout
A massive database of 75,000 stolen credentials, including usernames, email addresses, and passwords, has been discovered, putting organisations like Oracle, Spotify, and AT&T at risk. The leak, dubbed "FortiBleed," affects customers in 194 countries and over 21,000 domains, with nearly half of all internet-accessible Fortinet firewalls potentially exposed.

CISA Warns of Widespread FortiBleed Attacks on 86,644 Devices
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning after a massive cyberattack, dubbed FortiBleed, compromised a staggering 86,644 FortiGate devices, putting countless networks at risk. Take immediate action to protect yourself: shut down active SSL VPN and admin sessions, reset passwords, and enforce strong password policies.

Fortinet and Ivanti Exploits Fuel LATAM Infrastructure Attacks
In a shocking revelation, a coordinated campaign dubbed Operation Escaneo has been exposed, targeting critical infrastructure across Mexico, Ecuador, and Portugal, with a staggering 3,708 sessions recorded over just 13 days. The attackers exploited vulnerabilities in Fortinet and Ivanti perimeter appliances to gain entry into government, tax authorities, utilities, transport, telecoms, and banks.

Kodak Breach Exposes 2.2M Records to ShinyHunters Threat Group
Kodak has confirmed a major data breach, with the ShinyHunters threat group claiming to have stolen 2.2 million records, including sensitive customer information. The company is working closely with law enforcement and cybersecurity experts to address the breach.

Account Takeovers Rise as Complexity Exposes Identity Vulnerabilities
As attackers increasingly target identities rather than infrastructure, account takeovers are on the rise - and with 22% of breaches involving credential abuse, it's clear that traditional username-and-password security just isn't cutting it. The explosion of identities across cloud services, SaaS apps, and remote environments has created a perfect storm of vulnerability.

SimpleHelp vulnerability exposes servers to rogue remote support accounts
A critical vulnerability in SimpleHelp, known as CVE-2026-48558, lets hackers create rogue remote support accounts and gain privileged access to servers, allowing them to execute scripts and wreak havoc on your system. This gaping security hole enables unauthenticated attackers to bypass multi-factor authentication and log in as a Technician user, putting your entire network at risk.

Sniper Dz Scams Target MENA Users with Fake Offers and Browser Exploits
Scammers are targeting people in the Middle East and North Africa with fake offers of free mobile internet, financial rewards, and government subsidies, using fraudulent Facebook accounts to trick victims into divulging sensitive info. These Sniper Dz scams impersonate trusted figures and organizations to lure users in with enticing deals.

FBI Disrupts AI-Powered Phishing Service with 1 Million URLs
In a major win for cyber safety, the FBI, Google, and Black Lotus Labs joined forces to dismantle Outsider Enterprise, a notorious phishing-as-a-service operation based in China that had been spreading fake text campaigns through 1 million URLs. This coordinated takedown seized key servers and accounts used by the threat actors.

Cyber-Attacks Infiltrate 84% of Sports Organizations
Cyber-attacks have hit a staggering 84% of sports organizations in the past year, with over half of those being targeted multiple times - a worrying trend in an industry where timing and spectacle are everything. This alarming statistic highlights the vulnerability of professional sports teams, venues, and event bodies to cyber threats.