Skip to main content

Tag: mfa bypass

131 articles

Person sitting at laptop with unease, surrounded by office environment.

OAuth Grants Expose Hidden Risk Below MFA Perimeter

In just five weeks, a phishing-as-a-service platform called EvilTokens compromised over 340 Microsoft 365 organizations across five countries by exploiting a clever trick: instead of stealing passwords, it convinced users to hand over OAuth refresh tokens, granting attackers long-term access to sensitive data like mailboxes, drives, and calendars. This sneaky tactic allowed hackers to bypass traditional security measures, including multi-factor authentication.

Analyst 207
Office worker looks concerned at laptop screen displaying Microsoft device login page.

Tycoon2FA Exploits Microsoft 365 with Device-Code Phishing

Beware of Tycoon2FA's sneaky phishing tactics: victims are tricked into granting OAuth tokens to attackers through Microsoft's own device-login flow after clicking a malicious link. This comeback kid of a phishing kit has bounced back from a March disruption, now with added layers of obfuscation to evade detection.

Analyst 207
Gas station attendant checks fuel level on tank gauge screen in dimly lit storage room.

Iran Targets US Gas Stations with Tank Reader Hacks

US gas stations have been targeted by Iranian hackers, who manipulated fuel level readings at vulnerable sites, sparking concerns of a potentially catastrophic cyber attack. The breach highlights the alarming threat of kinetic cyber attacks, with experts warning of the devastating consequences.

Analyst 207
Person in a corporate office speaking on phone with neutral expression.

Social Engineering Exposes Vulnerability in Corporate Networks

A clever phone call can be all it takes to breach a corporate network - just ask Brandon Dixon, a former penetration tester who convinced an IT security team to hand over root access by pretending to be their boss. With a simple social engineering trick, Dixon was able to reset his "password" and gain unrestricted access to the network.

Analyst 207
Office reception area with blurred laptop and person interacting with digital signage.

Enterprises Face AI-Generated Fraud Onslaught

Fraudsters are unleashing an AI-powered assault on enterprises, with synthetic identities skyrocketing 100-fold and deepfake impersonations rising sevenfold in just two years. This alarming surge is catching businesses off guard, with nearly half reporting a significant increase in AI-driven fraud.

Analyst 207
Windows laptop on cluttered desk in dimly lit home office with open keyboard and touchpad visible.

BitLocker Zero-Day Exposes Windows Drives to Unauthorized Access

A security researcher, Chaotic Eclipse, has dropped a bombshell by releasing proof-of-concept code for two unpatched Windows vulnerabilities, citing frustration with Microsoft's handling of previous bug reports. This move exposes Windows drives to unauthorized access, even with TPM+PIN protection in place.

Analyst 207
University campus scene with laptop in background and symbolic data representation.

Instructure Negotiates Data Return After Ransomware Breach

In a major win for data security, Instructure has successfully negotiated the return of stolen data and confirmed its destruction after a ransomware breach affected nearly 9,000 educational institutions using its Canvas Learning Management System. The company has ensured that its affected customers are protected and won't be individually targeted for extortion.

Analyst 207
Person in business casual outfit working intently at a laptop in a brightly-lit office security area.

Organizations Fortify Defenses Against Evolving Scattered Spider Threats

As Scattered Spider threats evolve, organizations across finance, healthcare, and telecom are bolstering their defenses against sophisticated identity-driven attacks. They're facing an adaptable adversary that's changing tactics, putting pressure on institutions to respond.

Analyst 207
Windows office workstations with computers and monitors in daylight-lit setting, highlighting potential vulnerabilities in…

Attackers Exploit AD CS for Stealthy Privilege Escalation

Malicious actors are exploiting weaknesses in Active Directory Certificate Services (AD CS) to secretly escalate privileges, often disguising their attacks as routine administrative actions. This stealthy tactic allows them to blend in with normal operations, making it a high-impact threat that's often under-monitored.

Analyst 207
A cluttered office desk with laptop, coffee cup, and papers, in a brightly-lit open-plan setting.

Threat Actors Leverage AI for Vulnerability Exploitation and Cyber Operations

Google Threat Intelligence Group has spotted a threat actor using a zero-day exploit likely developed with AI, marking a chilling new trend in cybercrime. This game-changing tactic turbocharges exploit development, malware autonomy, and access to premium AI services.

Analyst 207
Laptop screen displays code on minimalist desk in bright tech lab setting.

Google Exposes AI-Driven Zero-Day 2FA Bypass Exploit

Google's Threat Intelligence Group just uncovered a zero-day exploit that was likely crafted by AI, highlighting the rapidly evolving threat landscape. This AI-driven attack uses a Python script with telltale signs of large language model-generated code.

Analyst 207
Laptop screen displays system administration tool with blurred office background and code on nearby whiteboard.

Google Exposes AI-Generated Zero-Day Exploit Used by Hackers

Google's Threat Intelligence Group has made a groundbreaking discovery - a zero-day exploit, potentially crafted with AI, was used by hackers to bypass two-factor authentication in a widely-used open-source tool. This alarming finding highlights the emerging threat of AI-generated cyber attacks.

Analyst 207
Mac laptop on a desk with a Terminal window open, in a blurred office setting.

Hackers Exploit Google Ads, AI Chats to Spread Mac Malware

Malicious hackers are exploiting Google ads and AI chat platforms to trick Mac users into downloading malware, using a sneaky tactic that involves fake installation guides and Terminal commands. Clicking on what seems to be a legitimate ad can lead to a malware-ridden surprise, thanks to a vulnerability in Claude's shared-chat feature.

Analyst 207
Blurred laptop screen shows Canvas login page in bright college library setting.

ShinyHunters Breach Exposes 330 Colleges in Canvas Hack

The notorious ShinyHunters gang has breached Instructure's Canvas, exposing a staggering 330 colleges to a devastating hack, and issued a chilling ultimatum with a May 2026 deadline to negotiate. The attackers replaced login pages with an extortion message, demanding schools seek cyber advisory help and secretly reach out to settle.

Analyst 207
Dimly lit, ransacked suburban home interior with laptop and digital wallet setup.

Crypto Heist Ringleader Gets 6.5 Years for $230 Million Loot

Marlon Ferro, the mastermind behind a brazen crypto heist, has been sentenced to 6.5 years for stealing $230 million in cryptocurrency using a cunning mix of online scams and targeted home invasions. He served as the group's instrument of last resort, carrying out daring residential burglaries to get his hands on valuable digital assets.

Analyst 207
Laptop screen shows Google search results with suspicious ManageWP ad amidst office or home workspace.

Hackers exploit Google ads for ManageWP phishing scam

Beware of a sneaky phishing scam targeting ManageWP users, where hackers use Google ads to trick victims into divulging their login credentials on a fake website that looks identical to the real one. This clever attack can put hundreds of sites at risk, since each ManageWP account typically hosts multiple sites.

Analyst 207
Laptop screen displays Microsoft Teams meeting in modern office setting with blurred cityscape background.

MuddyWater Exploits Microsoft Teams in False Flag Ransomware Attacks

MuddyWater hackers are impersonating Chaos ransomware affiliates, using clever social engineering tactics via Microsoft Teams to steal credentials and gain access to sensitive systems. Their sophisticated campaign involves interactive screen-sharing and manipulation of multi-factor authentication.

Analyst 207
Brightly-lit office interior with subtle Middle Eastern architectural influence, laptop screen in foreground.

Iran-Linked APT Exploits Ransomware Disguise for Espionage

MuddyWater, an Iran-linked APT group, has been caught exploiting a ransomware disguise to secretly infiltrate systems, using interactive tactics to harvest credentials and gain internal access. By masquerading as a Chaos ransomware affiliate, the group aimed to throw off detectives and cover its espionage tracks.

Analyst 207
Brightly-lit office desk near a window with a computer screen or email inbox in the foreground.

Microsoft Uncovers Large-Scale Phishing Campaign Using Fake Compliance Emails

In just 48 hours, a massive phishing campaign targeted over 35,000 users across 13,000 organizations in 26 countries, using convincing fake compliance emails to steal login credentials. The sophisticated attack, detected by Microsoft's Defender Research team, hit US firms hard, but its global reach was widespread.

Analyst 207
Laptop workstation in a brightly-lit hospital corridor with medical equipment and computers in the background.

Microsoft Exposes Large-Scale Phishing Campaign Targeting 35,000 Users Worldwide

A massive phishing campaign targeting over 35,000 users worldwide has been uncovered, using sophisticated email templates that convincingly masquerade as legitimate internal communications. The highly convincing lures successfully hit organizations across 26 countries, with a staggering 92% of targets based in the US.

Analyst 207
Hospital corridor with staff and patients, calm yet concerned atmosphere.

Ransomware Breach Exposes Sensitive Data at Sandhills Medical Foundation

Sandhills Medical Foundation suffered a devastating ransomware attack on May 8, 2025, putting sensitive data at risk. It took nearly 11 months for affected individuals to be notified in April 2026, sparking an investigation into the breach.

Analyst 207
Concerned person checks laptop in small workspace, conveying vulnerability.

Vietnamese Hackers Exploit Google AppSheet in 30,000-Account Facebook Phishing Spree

A massive phishing operation, dubbed AccountDumpling, has compromised around 30,000 Facebook accounts using a clever tactic: sending malicious emails from a legitimate Google AppSheet address to bypass spam filters. This sophisticated scam was more than just a simple phishing kit - it was a constantly evolving operation with real-time control panels and a lucrative criminal enterprise.

Analyst 207
A brightly-lit office workspace with a laptop on a desk, surrounded by ordinary decor and a subtle hint of a phone nearby.

Cybercrime Groups Exploit Vishing, SSO Abuse in SaaS Extortion Spree

Cybercrime groups are launching lightning-fast extortion attacks within trusted SaaS environments, exploiting vishing and SSO abuse to evade detection and strike with precision. By hiding in plain sight, they're creating significant challenges for defenders trying to keep up.

Analyst 207
Multi-monitor workstation with Remote Desktop security warnings on each screen.

Microsoft Fixes Remote Desktop Security Warning Display Flaw

Microsoft just dropped an optional update, KB5083631, to squash a bug that's been causing Remote Desktop security warnings to display incorrectly - a fix that's especially crucial for those using multiple monitors with different scaling settings. This targeted update is part of a larger release that includes 34 other changes to improve your Windows 11 experience.

Analyst 207