Skip to main content

Tag: mfa bypass

131 articles

Cluttered office desk with open laptop, invoices, and scattered papers showing signs of disruption.

EvilTokens Phishing Kit Exposes Sophisticated Evasion Tactics

Microsoft VP of security research Tanmay Ganacharya revealed that 10-15 distinct EvilTokens phishing campaigns have been launching daily since March 15, 2026, showcasing the alarming speed at which device-code phishing operations have scaled. This comes as Cisco Talos incident responders uncovered a targeted phishing chain that abused a real vendor relationship using an outstanding-invoice lure.

Analyst 207
Darkened cityscape at dusk with a brightly-lit laptop on a cluttered table.

Phishing Kit Unveils Sophisticated BEC-as-a-Service Capabilities

Meet ARToken, a sophisticated phishing kit that's redefining the threat landscape with its Business Email Compromise (BEC)-as-a-Service capabilities, allowing attackers to launch highly targeted and convincing scams. This advanced platform is a game-changer, offering a complete BEC operations environment that's far more complex than your average phishing kit.

Analyst 207
Brightly-lit office setting with computers and network equipment in the background.

Hackers Exploit Microsoft 365 Flaws with 81 Million Login Attempts

In just two weeks, a massive password-spraying campaign racked up over 81 million login attempts, compromising 78 Microsoft 365 accounts across 64 organizations and highlighting a dramatic surge in cyber threats. This alarming trend saw a 155-fold increase in attacks, with organizations now facing an average of 1,964 failed login attempts per month.

Analyst 207
Rows of file cabinets and server racks in a brightly-lit corporate office with a slightly ajar cabinet drawer hinting at a…

Nissan Discloses Oracle PeopleSoft Breach Exposing Payroll Records

Nissan has alerted the California Attorney General to a potential data breach, revealing that a cyber attack on Oracle PeopleSoft systems may have exposed sensitive payroll records of hundreds of companies, including Nissan, from May 27 to June 9. The automaker believes it was specifically targeted in the attack, which may have compromised a range of personnel data.

Analyst 207
Government agency setting with laptop on table, hinting at technology.

FBI Warns of Russian Intelligence Signal Phishing Attacks

Stay vigilant: Russian intelligence agents are masquerading as automated support accounts to trick victims into revealing sensitive Backup Recovery Keys through phishing messages. The FBI has warned that multiple clusters of Russian hackers, including FSB officers and military hackers, are actively targeting high-risk accounts.

Analyst 207
Person sitting in quiet room, holding smartphone with concern, surrounded by papers and laptop.

Russia Targets Messaging Credentials with Fake Support Texts

Beware of fake support texts that could compromise your personal data and sensitive information! A joint investigation by the Security Service of Ukraine and the FBI uncovered a systematic campaign to steal messaging platform credentials from government officials, military personnel, and activists worldwide.

Analyst 207
Person sits in quiet room with smartphone, papers, and blurred laptop screen, conveying cautious atmosphere.

FBI Warns of Russian Hackers Targeting Signal Backup Keys

Stay vigilant, as Russian hackers are now targeting Signal backup keys in an evolved phishing campaign, attempting to gain access to your historical message backups by tricking you into revealing these sensitive keys. Be cautious of messages masquerading as automated support accounts, as they may be part of this sinister plot.

Analyst 207
Smartphone with Signal app open on screen in a public setting.

FBI Warns of Russian Hackers Targeting Signal with Recovery Key Phishing

Beware of scammers posing as Signal support - the FBI and CISA warn that Russian hackers are using recovery key phishing to target users, so treat any in-app message from Signal support with extreme caution. Stay safe by being vigilant about unexpected messages.

Analyst 207
Passport lies on a plain surface surrounded by blurred cannabis dispensary items, hinting at a security breach.

Massive Passport Leak Exposes Sensitive Traveler Data

A staggering leak of almost a million passport records from around the world has put sensitive traveler data at risk. The breach, linked to a low-security ID verification system for cannabis dispensaries, exposed passports as a vulnerable weak point in authentication processes.

Analyst 207
Employee looks concerned at laptop screen displaying OpenAI invitation email.

Threat Actors Exploit OpenAI Invitations to Target Cybersecurity Firms

Threat actors are cleverly exploiting OpenAI invitations to scam cybersecurity firms, creating fake tenants that mimic legitimate companies and sending convincing emails that pass authentication checks. These targeted phishing attacks allow scammers to spread malicious content through a trusted channel.

Analyst 207
Multi-layered city infrastructure with payment terminal in foreground.

Fraud Prevention Strategies Target Multiple Elevation Levels

Fraudsters are constantly evolving, and a single-layer defense just won't cut it - that's why IPQS advocates for a layered approach to fraud prevention, because what may seem like a secure transaction to you might be just the tip of the iceberg to a sophisticated scammer. By monitoring at multiple levels, you can stay one step ahead of even the most cunning attackers.

Analyst 207
Customer service representative on phone call at retail service desk.

Social Engineering Attacks Target Service Desks

Service desks have become a prime target for cyber attackers, who often find it easier to manipulate staff into divulging sensitive information than to crack the technology itself. In a string of recent incidents, hackers have successfully impersonated employees to gain access to internal systems, as seen in the 2025 UK attacks on major retailers like Marks & Spencer, Co-op, and Harrods.

Analyst 207
Blurred computer workstation in foreground, network equipment rack in background.

Mistic Backdoor Enables Long-Term Access in Ransomware Attacks

Cyber attackers have deployed a sneaky backdoor called Mistic, allowing them to maintain long-term access to infected systems during ransomware attacks, all while staying remarkably under the radar. This stealthy threat uses clever tactics like running payloads in memory and mimicking legitimate Microsoft security tools to evade detection.

Analyst 207
Rows of computer servers and storage equipment in a brightly-lit data center or server room.

Dify Vulnerabilities Expose AI Chats Across Tenants

Researchers have uncovered four critical vulnerabilities in Dify, a popular AI platform with over 146,000 GitHub stars, that could allow attackers to read sensitive AI conversations across different customer applications without needing authentication. These flaws, collectively known as DifyTap, expose a broad attack surface due to Dify's default multi-tenant setup.

Analyst 207
Network operations center with exposed cables and equipment near a large window.

FortiBleed Campaign Exposes 80K Targets Worldwide

A massive cybersecurity threat, dubbed FortiBleed, has exposed over 80,000 Fortinet FortiGate devices worldwide, with alarming ease, by exploiting weak passwords and reused credentials. The US Cybersecurity agency is urging affected customers to secure their appliances immediately to prevent a potential breach.

Analyst 207
Corporate headquarters with subtle hints of vulnerability and a blank computer screen.

NCSC Warns Fortinet Customers of Credential Theft Fallout

A massive database of 75,000 stolen credentials, including usernames, email addresses, and passwords, has been discovered, putting organisations like Oracle, Spotify, and AT&T at risk. The leak, dubbed "FortiBleed," affects customers in 194 countries and over 21,000 domains, with nearly half of all internet-accessible Fortinet firewalls potentially exposed.

Analyst 207
Blurred network equipment and generic devices in a brightly-lit tech infrastructure setting.

CISA Warns of Widespread FortiBleed Attacks on 86,644 Devices

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning after a massive cyberattack, dubbed FortiBleed, compromised a staggering 86,644 FortiGate devices, putting countless networks at risk. Take immediate action to protect yourself: shut down active SSL VPN and admin sessions, reset passwords, and enforce strong password policies.

Analyst 207
Rack of networking equipment in a brightly-lit municipal network closet.

Fortinet and Ivanti Exploits Fuel LATAM Infrastructure Attacks

In a shocking revelation, a coordinated campaign dubbed Operation Escaneo has been exposed, targeting critical infrastructure across Mexico, Ecuador, and Portugal, with a staggering 3,708 sessions recorded over just 13 days. The attackers exploited vulnerabilities in Fortinet and Ivanti perimeter appliances to gain entry into government, tax authorities, utilities, transport, telecoms, and banks.

Analyst 207
Interior of a Kodak facility with industrial and corporate elements, blurred computer equipment, and a neutral-toned server…

Kodak Breach Exposes 2.2M Records to ShinyHunters Threat Group

Kodak has confirmed a major data breach, with the ShinyHunters threat group claiming to have stolen 2.2 million records, including sensitive customer information. The company is working closely with law enforcement and cybersecurity experts to address the breach.

Analyst 207
Blurred laptop screen on a cluttered office desk with subtle signs of disarray.

Account Takeovers Rise as Complexity Exposes Identity Vulnerabilities

As attackers increasingly target identities rather than infrastructure, account takeovers are on the rise - and with 22% of breaches involving credential abuse, it's clear that traditional username-and-password security just isn't cutting it. The explosion of identities across cloud services, SaaS apps, and remote environments has created a perfect storm of vulnerability.

Analyst 207
Server room with technician's remote support session on blurred computer screen.

SimpleHelp vulnerability exposes servers to rogue remote support accounts

A critical vulnerability in SimpleHelp, known as CVE-2026-48558, lets hackers create rogue remote support accounts and gain privileged access to servers, allowing them to execute scripts and wreak havoc on your system. This gaping security hole enables unauthenticated attackers to bypass multi-factor authentication and log in as a Technician user, putting your entire network at risk.

Analyst 207
Smartphone screen displays social media post with Arabic interface.

Sniper Dz Scams Target MENA Users with Fake Offers and Browser Exploits

Scammers are targeting people in the Middle East and North Africa with fake offers of free mobile internet, financial rewards, and government subsidies, using fraudulent Facebook accounts to trick victims into divulging sensitive info. These Sniper Dz scams impersonate trusted figures and organizations to lure users in with enticing deals.

Analyst 207
Law enforcement officials stand in a brightly-lit press conference room with subtle hints of technology and cybersecurity…

FBI Disrupts AI-Powered Phishing Service with 1 Million URLs

In a major win for cyber safety, the FBI, Google, and Black Lotus Labs joined forces to dismantle Outsider Enterprise, a notorious phishing-as-a-service operation based in China that had been spreading fake text campaigns through 1 million URLs. This coordinated takedown seized key servers and accounts used by the threat actors.

Analyst 207
Brightly-lit sports stadium interior with scoreboard and tiered seating.

Cyber-Attacks Infiltrate 84% of Sports Organizations

Cyber-attacks have hit a staggering 84% of sports organizations in the past year, with over half of those being targeted multiple times - a worrying trend in an industry where timing and spectacle are everything. This alarming statistic highlights the vulnerability of professional sports teams, venues, and event bodies to cyber threats.

Analyst 207