Tag: mfa bypass
131 articles

OAuth Grants Expose Hidden Risk Below MFA Perimeter
In just five weeks, a phishing-as-a-service platform called EvilTokens compromised over 340 Microsoft 365 organizations across five countries by exploiting a clever trick: instead of stealing passwords, it convinced users to hand over OAuth refresh tokens, granting attackers long-term access to sensitive data like mailboxes, drives, and calendars. This sneaky tactic allowed hackers to bypass traditional security measures, including multi-factor authentication.

Tycoon2FA Exploits Microsoft 365 with Device-Code Phishing
Beware of Tycoon2FA's sneaky phishing tactics: victims are tricked into granting OAuth tokens to attackers through Microsoft's own device-login flow after clicking a malicious link. This comeback kid of a phishing kit has bounced back from a March disruption, now with added layers of obfuscation to evade detection.

Iran Targets US Gas Stations with Tank Reader Hacks
US gas stations have been targeted by Iranian hackers, who manipulated fuel level readings at vulnerable sites, sparking concerns of a potentially catastrophic cyber attack. The breach highlights the alarming threat of kinetic cyber attacks, with experts warning of the devastating consequences.

Social Engineering Exposes Vulnerability in Corporate Networks
A clever phone call can be all it takes to breach a corporate network - just ask Brandon Dixon, a former penetration tester who convinced an IT security team to hand over root access by pretending to be their boss. With a simple social engineering trick, Dixon was able to reset his "password" and gain unrestricted access to the network.

Enterprises Face AI-Generated Fraud Onslaught
Fraudsters are unleashing an AI-powered assault on enterprises, with synthetic identities skyrocketing 100-fold and deepfake impersonations rising sevenfold in just two years. This alarming surge is catching businesses off guard, with nearly half reporting a significant increase in AI-driven fraud.

BitLocker Zero-Day Exposes Windows Drives to Unauthorized Access
A security researcher, Chaotic Eclipse, has dropped a bombshell by releasing proof-of-concept code for two unpatched Windows vulnerabilities, citing frustration with Microsoft's handling of previous bug reports. This move exposes Windows drives to unauthorized access, even with TPM+PIN protection in place.

Instructure Negotiates Data Return After Ransomware Breach
In a major win for data security, Instructure has successfully negotiated the return of stolen data and confirmed its destruction after a ransomware breach affected nearly 9,000 educational institutions using its Canvas Learning Management System. The company has ensured that its affected customers are protected and won't be individually targeted for extortion.

Organizations Fortify Defenses Against Evolving Scattered Spider Threats
As Scattered Spider threats evolve, organizations across finance, healthcare, and telecom are bolstering their defenses against sophisticated identity-driven attacks. They're facing an adaptable adversary that's changing tactics, putting pressure on institutions to respond.

Attackers Exploit AD CS for Stealthy Privilege Escalation
Malicious actors are exploiting weaknesses in Active Directory Certificate Services (AD CS) to secretly escalate privileges, often disguising their attacks as routine administrative actions. This stealthy tactic allows them to blend in with normal operations, making it a high-impact threat that's often under-monitored.

Threat Actors Leverage AI for Vulnerability Exploitation and Cyber Operations
Google Threat Intelligence Group has spotted a threat actor using a zero-day exploit likely developed with AI, marking a chilling new trend in cybercrime. This game-changing tactic turbocharges exploit development, malware autonomy, and access to premium AI services.

Google Exposes AI-Driven Zero-Day 2FA Bypass Exploit
Google's Threat Intelligence Group just uncovered a zero-day exploit that was likely crafted by AI, highlighting the rapidly evolving threat landscape. This AI-driven attack uses a Python script with telltale signs of large language model-generated code.

Google Exposes AI-Generated Zero-Day Exploit Used by Hackers
Google's Threat Intelligence Group has made a groundbreaking discovery - a zero-day exploit, potentially crafted with AI, was used by hackers to bypass two-factor authentication in a widely-used open-source tool. This alarming finding highlights the emerging threat of AI-generated cyber attacks.

Hackers Exploit Google Ads, AI Chats to Spread Mac Malware
Malicious hackers are exploiting Google ads and AI chat platforms to trick Mac users into downloading malware, using a sneaky tactic that involves fake installation guides and Terminal commands. Clicking on what seems to be a legitimate ad can lead to a malware-ridden surprise, thanks to a vulnerability in Claude's shared-chat feature.

ShinyHunters Breach Exposes 330 Colleges in Canvas Hack
The notorious ShinyHunters gang has breached Instructure's Canvas, exposing a staggering 330 colleges to a devastating hack, and issued a chilling ultimatum with a May 2026 deadline to negotiate. The attackers replaced login pages with an extortion message, demanding schools seek cyber advisory help and secretly reach out to settle.

Crypto Heist Ringleader Gets 6.5 Years for $230 Million Loot
Marlon Ferro, the mastermind behind a brazen crypto heist, has been sentenced to 6.5 years for stealing $230 million in cryptocurrency using a cunning mix of online scams and targeted home invasions. He served as the group's instrument of last resort, carrying out daring residential burglaries to get his hands on valuable digital assets.

Hackers exploit Google ads for ManageWP phishing scam
Beware of a sneaky phishing scam targeting ManageWP users, where hackers use Google ads to trick victims into divulging their login credentials on a fake website that looks identical to the real one. This clever attack can put hundreds of sites at risk, since each ManageWP account typically hosts multiple sites.

MuddyWater Exploits Microsoft Teams in False Flag Ransomware Attacks
MuddyWater hackers are impersonating Chaos ransomware affiliates, using clever social engineering tactics via Microsoft Teams to steal credentials and gain access to sensitive systems. Their sophisticated campaign involves interactive screen-sharing and manipulation of multi-factor authentication.

Iran-Linked APT Exploits Ransomware Disguise for Espionage
MuddyWater, an Iran-linked APT group, has been caught exploiting a ransomware disguise to secretly infiltrate systems, using interactive tactics to harvest credentials and gain internal access. By masquerading as a Chaos ransomware affiliate, the group aimed to throw off detectives and cover its espionage tracks.

Microsoft Uncovers Large-Scale Phishing Campaign Using Fake Compliance Emails
In just 48 hours, a massive phishing campaign targeted over 35,000 users across 13,000 organizations in 26 countries, using convincing fake compliance emails to steal login credentials. The sophisticated attack, detected by Microsoft's Defender Research team, hit US firms hard, but its global reach was widespread.

Microsoft Exposes Large-Scale Phishing Campaign Targeting 35,000 Users Worldwide
A massive phishing campaign targeting over 35,000 users worldwide has been uncovered, using sophisticated email templates that convincingly masquerade as legitimate internal communications. The highly convincing lures successfully hit organizations across 26 countries, with a staggering 92% of targets based in the US.

Ransomware Breach Exposes Sensitive Data at Sandhills Medical Foundation
Sandhills Medical Foundation suffered a devastating ransomware attack on May 8, 2025, putting sensitive data at risk. It took nearly 11 months for affected individuals to be notified in April 2026, sparking an investigation into the breach.

Vietnamese Hackers Exploit Google AppSheet in 30,000-Account Facebook Phishing Spree
A massive phishing operation, dubbed AccountDumpling, has compromised around 30,000 Facebook accounts using a clever tactic: sending malicious emails from a legitimate Google AppSheet address to bypass spam filters. This sophisticated scam was more than just a simple phishing kit - it was a constantly evolving operation with real-time control panels and a lucrative criminal enterprise.

Cybercrime Groups Exploit Vishing, SSO Abuse in SaaS Extortion Spree
Cybercrime groups are launching lightning-fast extortion attacks within trusted SaaS environments, exploiting vishing and SSO abuse to evade detection and strike with precision. By hiding in plain sight, they're creating significant challenges for defenders trying to keep up.

Microsoft Fixes Remote Desktop Security Warning Display Flaw
Microsoft just dropped an optional update, KB5083631, to squash a bug that's been causing Remote Desktop security warnings to display incorrectly - a fix that's especially crucial for those using multiple monitors with different scaling settings. This targeted update is part of a larger release that includes 34 other changes to improve your Windows 11 experience.