MFA

3 minute read

New Phishing Scam Uses LiveChat to Pose as Amazon and PayPal in Real Time

Cofense researchers warn of a phishing scam where attackers use LiveChat to impersonate Amazon and PayPal agents and steal credit card and MFA codes.

byDeeba Ahmed

March 16, 2026

3 minute read

Authorities Shut Down Tycoon 2FA Phishing Platform Used to Bypass MFA

Europol and partners dismantle Tycoon 2FA phishing service used to bypass MFA, disrupting a global phishing-as-a-service operation targeting organisations.

byWaqas

March 5, 2026

2 minute read

New VoidProxy Phishing Service Bypasses MFA on Microsoft and Google Accounts

Okta Threat Intelligence exposes VoidProxy, a new PhaaS platform. Learn how this advanced service uses the Adversary-in-the-Middle technique…

byDeeba Ahmed

September 13, 2025

2 minute read

Google Reveals UNC6395’s OAuth Token Theft in Salesforce Breach

A new advisory from Google and Mandiant reveals a widespread data breach in Salesforce. Learn how UNC6395 bypassed…

byDeeba Ahmed

August 27, 2025

2 minute read

Hackers Use Social Engineering to Target Expert on Russian Operations

Citizen Lab and Google uncovered a new, sophisticated cyberattack linked to Russian state actors that exploits App-Specific Passwords, bypassing Multi-Factor Authentication. Discover how to protect yourself from these evolving threats.

byDeeba Ahmed

June 20, 2025

Smart Cars, Dumb Passwords: Auto Industry Still Runs on Weak Passwords

2 minute read

Security

Smart Cars, Dumb Passwords: Auto Industry Still Runs on Weak Passwords

A new study by NordPass and NordStellar reveals the automotive industry is plagued by weak, reused, and common…

byDeeba Ahmed

June 3, 2025

New SessionShark Phishing Kit Steals Session Tokens to Bypass Office 365 MFA

2 minute read

New SessionShark Phishing Kit Bypasses MFA to Steal Office 365 Logins

SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn of real-time attacks via fake…

byDeeba Ahmed

April 24, 2025

2 minute read

Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing

Russian APT group Storm-2372 employs device code phishing to bypass Multi-Factor Authentication (MFA). Targets include government, technology, finance,…

byDeeba Ahmed

April 11, 2025

3 minute read

Hackers Using Fake Microsoft ADFS Login Pages to Steal Credentials

A global phishing campaign is actively exploiting a legacy Microsoft authentication system to steal user credentials and bypass multi-factor authentication (MFA), targeting over 150 organizations.

byDeeba Ahmed

February 5, 2025

3 minute read

AuthQuake Flaw Allowed MFA Bypass Across Azure, Office 365 Accounts

SUMMARY Cybersecurity researchers at Oasis Security have identified a vulnerability in Microsoft’s Multi-Factor Authentication (MFA), known as AuthQuake,…

byWaqas

December 11, 2024

The Latest

Cybersecurity Risks of Hiring a Virtual Assistant and How to Protect Your Business

Researchers Say Fiverr Left User Files Open to Google Search

Anonymizing Network Traffic: A Dive into SOCKS5 and Data Encryption

Securing Remote Server Access: Why VPNs Matter for Administrators

MFA

New Phishing Scam Uses LiveChat to Pose as Amazon and PayPal in Real Time

Authorities Shut Down Tycoon 2FA Phishing Platform Used to Bypass MFA

New VoidProxy Phishing Service Bypasses MFA on Microsoft and Google Accounts

Google Reveals UNC6395’s OAuth Token Theft in Salesforce Breach

Hackers Use Social Engineering to Target Expert on Russian Operations

Smart Cars, Dumb Passwords: Auto Industry Still Runs on Weak Passwords

New SessionShark Phishing Kit Bypasses MFA to Steal Office 365 Logins

Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing

Hackers Using Fake Microsoft ADFS Login Pages to Steal Credentials

AuthQuake Flaw Allowed MFA Bypass Across Azure, Office 365 Accounts

Security Risk Advisors Purple Team Participants Can Now Earn CPE Credits

Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action

AI Future: The Leading International AI and Web3 Forum to Take Place in April

Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec

2026 Cybersecurity Excellence Awards Winners Announced during RSA Conference as AI Security Dominates