MFA bypass
-
Hackers bypass SonicWall VPN MFA after incomplete patching
Threat actors bypassed MFA on SonicWall Gen6 SSL-VPN appliances in attacks between February and March, exploiting a flaw that stayed open on devices that were updated but not fully remediated, according to a ReliaQuest analysis.
-
Coordinated action disrupts Tycoon 2FA phishing service that targeted tens of thousands of organisations
A coordinated operation in early March 2026 disrupted Tycoon 2FA, a subscription phishing platform that generated tens of millions of emails monthly and enabled unauthorized access to nearly 100,000 organisations worldwide.
-
Starkiller phishing suite proxies live login pages to bypass MFA
Researchers disclosed Starkiller, a phishing suite that proxies live login pages through attacker controlled headless browsers to capture keystrokes, session tokens and MFA codes. The toolkit centralises deployment and uses URL masking to hide destinations.
-
Multi-stage AitM phishing and BEC campaign abused SharePoint to target energy organisations
Microsoft flagged a multi-stage AitM phishing and BEC campaign using SharePoint links and inbox rules to persist. One observed case sent over 600 phishing messages. Mitigation requires revoking session cookies and deleting attacker-created rules.
-
FBI warns Kimsuky used malicious QR codes in 2025 quishing campaigns
An FBI flash alert warned that North Korea linked group Kimsuky used malicious QR codes in 2025 spear phishing to target think tanks, academia, and government entities. The attacks aimed to steal session tokens and bypass multi factor authentication.
-
Researchers Flag Four New Phishing Kits That Automate Credential Theft and MFA Bypass
Security firms have identified four phishing kits — BlackForce, GhostFrame, InboxPrime AI and Spiderman — that automate credential theft, bypass multi-factor authentication and mass-produce phishing emails, with researchers warning the tools lower barriers for large-scale attacks.
-
Researchers warn ‘Jingle Thief’ group exploits cloud access to commit gift card fraud
Palo Alto Networks Unit 42 says a group called Jingle Thief is targeting cloud environments used by retailers to steal credentials, issue unauthorized gift cards and resell them on gray markets, using phishing, long‑term access and identity misuse to evade detection.
-
Akira campaign bypasses OTP MFA on SonicWall VPNs, researchers say
Researchers report the Akira ransomware group has successfully logged into SonicWall SSL VPN accounts protected by OTP MFA, possibly using previously stolen OTP seeds. Vendors including SonicWall and Arctic Wolf advise installing updates and resetting VPN credentials while investigations continue.
-
Microsoft patches critical Entra ID flaw CVE-2025-55241 with 10.0 severity, enabling cross-tenant impersonation
Microsoft has patched a critical Entra ID vulnerability, CVE-2025-55241, with a maximum CVSS score of 10.0 that could allow cross-tenant impersonation of users, including Global Administrators. The fix, disclosed by researchers and implemented on July 17, 2025, requires no action by customers, though experts warn the flaw highlights broader cloud-security risks and the need to…
-
Cheap VPS Hijacking Drives New Wave of SaaS-Based Business Email Compromises, Darktrace Finds
A Darktrace security report details a new wave of attacks where criminals rent cheap VPS services to hijack business email accounts, bypass traditional defenses, and establish covert, long-term access through subtle inbox rules.
