Tycoon 2FA Still Active After Takedown
Read More: buff.ly/elJsmNc

#Tycoon2FA #PhishingAsAService #MFABypass #CredentialTheft #ThreatIntel #Cybercrime #AccountSecurity #InfosecAlert

Spring Boot to SharePoint Exfiltration

~Trendmicro~
Attackers exploited an exposed Spring Boot Actuator and plaintext secrets to bypass MFA via ROPC, exfiltrating SharePoint data.
-
IOCs: (None identified)
-
#CloudSecurity #MFABypass #ThreatIntel

Tycoon 2FA Phishing Platform Disrupted
Read More: buff.ly/jehcYZi

#Tycoon2FA #PhishingAsAService #MFABypass #Europol #MicrosoftSecurity #CybercrimeCrackdown #CredentialTheft #GlobalCyber

Europol Busts Tycoon 2FA Phishing Service
Read More: buff.ly/oNb3sJB

#Tycoon2FA #PhishingAsAService #MFABypass #Europol #LawEnforcement #CredentialTheft #CybercrimeCrackdown #InfosecNews

Starkiller: A new phishing framework that proxies real login pages to bypass MFA, enabling swift account takeovers. Stay vigilant! #CyberSecurity #Phishing #MFABypass Link: thedailytechfeed.com/starkiller-p...

Police Arrest Seller Of JokerOTP Tool
Read More: buff.ly/kazEEpJ

#JokerOTP #MFABypass #PhishingAutomation #CybercrimeArrest #NetherlandsPolice #FinancialFraud #ThreatActors #InfosecNews

Mandiant Finds Vishing Attacks Stealing MFA
Read More: buff.ly/z5IK3us

#Vishing #MFABypass #ShinyHunters #SocialEngineering #CloudSecurity #IdentityAttack #ThreatResearch #CyberExtortion

Okta SSO Accounts Targeted in Vishing Campaign that Uses Custom Phishing-as-a-Service Kits Attackers used vishing and real-time phishing kits to steal Okta SSO credentials, bypass MFA, and access connected cloud services.

Full Article: www.technadu.com/okta-sso-acc...

Are voice-based social engineering attacks being taken seriously enough?
Comment your opinion below.
#Okta #IdentitySecurity #Vishing #Phishing #MFABypass #CyberThreats #CloudSecurity

Alert: Sophisticated phishing campaign bypasses MFA, targeting Microsoft 365 and Okta users. Stay vigilant and enhance your security measures. #CyberSecurity #PhishingAlert #MFABypass Link: thedailytechfeed.com/sophisticate...

Alert: New phishing threat combines Salty2FA & Tycoon2FA kits to target enterprise credentials. Stay vigilant! #CyberSecurity #PhishingAlert #MFABypass Link: thedailytechfeed.com/hybrid-phish...

New BitB Phishing Threat #SOC #TechSecurity
Sneaky2FA adds Browser-in-the-Browser attacks that mimic Microsoft 365 logins.

#CyberSecurity #Phishing #BitB #MFABypass #Microsoft365 #SecurityUpdate #TechSafety #Technijian

FBI, CISA warn about Scattered Spider’s evolving tactics International authorities are pursuing the group following the arrests of four suspects in a series of attacks targeting British retailers.

FBI & CISA warn that the cybercrime group Scattered Spider is using social engineering to bypass MFA by misleading IT help desks into registering unauthorized 2FA devices. #cybersecurity #MFABypass www.cybersecuritydive.com/news/fbi-cis...

🚨 FIDO2 MFA bypass alert! Attackers use spoofed QR codes on fake Okta pages to hijack sessions in real time, even with valid tokens. MFA isn’t foolproof. Get IOCs + full advisory 👉
#CyberSecurity #MFABypass #Sequretek

Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from…

🚨 Poisoned phishing: attackers downgrade FIDO2 MFA to bypass protections. Even strong auth needs stronger vigilance. 🧑‍💼🎯
#MFABypass #PhishingTactics

The MFA You Trust Is Lying to You – and Here's How Attackers Exploit It MFA Authenticator apps aren't cutting it anymore. Attackers are bypassing legacy MFA with fake sites and real-time phishing. Token Ring and BioStick stop them cold—with fingerprint-bound hardware.…

🔓 MFA isn't bulletproof—attackers are exploiting trust in push notifications and session hijacking to bypass it. Rethink your authentication layers now.
#MFABypass #IdentitySecurity 🛑🔐

Billions of session cookies for sale sparks security warning : Law enforcement crackdowns are gathering pace but online marketplaces still teeming with valuable tokens

Over 93.7B stolen cookies are for sale on the dark web; 7–9% remain active, enabling hackers to hijack sessions and bypass MFA. #CyberSecurity #Infostealer #SessionHijacking #MFABypass #DarkWeb #Redline #LummaC2 #CookiesTheft #DataBreach #ThreatIntel www.theregister.com/2025/05/29/b...

Tycoon2FA Phishing Attack Exposes Microsoft 365: Protected 2025 Discover how the Tycoon2FA phishing campaign is targeting Microsoft 365 users with backslash URL tricks to steal credentials. Learn how...

🚨 Tycoon2FA Phishing Alert
A new phishing attack targets Microsoft 365 users using malformed URLs to bypass MFA and steal

🔗 Full blog: technijian.com/desktop-supp...
🎧 Podcast: technijian.com/podcast/tyco...

#Tycoon2FA #PhishingAttack #Microsoft365 #CyberSecurity #Technijian #MFABypass

Alert: Cookie Bite Attack on Entra ID Puts Microsoft 365 at Risk Cookie Bite attack on Azure Entra ID exposes Microsoft 365 to session hijacking, MFA bypass, and persistent threats. Learn how Technijian...

🚨 ALERT: Microsoft 365 Under Siege! 🚨

🔗 technijian.com/microsoft/co...

#Microsoft365 #CyberSecurity #AzureEntraID #CookieBiteAttack #MFABypass #SessionHijacking #ZeroTrust #BrowserSecurity #CloudSecurity #InfoSec #CyberAwareness #Technijian #MS365Protection #ThreatDetection #InfosecNews

'Cookie Bite' Entra ID Attack Exposes Microsoft 365 A proof-of-concept (PoC) attack vector exploits two Azure authentication tokens from within a browser, giving threat actors persistent access to key cloud services, including Microsoft 365 application...

⚠️ Cyber threat: “Cookie Bite” attack hijacks Microsoft 365 sessions 🍪💻
Steals Entra ID auth cookies to bypass MFA
📧 Persistent Outlook/Teams access
🔍 Browser extensions = attack vector
🛡️ Watch for suspicious sign-ins

#CyberSecurity #Microsoft365 #MFABypass
www.darkreading.com/remote-workf...

New Tycoon2FA Phishing Kit Tricks: Microsoft 365 MFA Bypass Tycoon2FA phishing kit targets Microsoft 365 with stealthy updates to bypass MFA. Learn about SVG lures, anti-debugging tactics, and how to..

🚨 Tycoon2FA is back—more stealthy than ever! New tricks target #Microsoft365 & bypass MFA. Learn how:
📖 technijian.com/cyber-securi...
🎧 technijian.com/podcast/tyco...
#CyberSecurity #Tycoon2FA #PhishingKit #MFABypass #Technijian #SVGPhishing

🚨 ALERT: Hackers Are Bypassing MFA Protections! 🚨

📢 Read more: technijian.com/cyber-securi...

#CyberSecurity #MFABypass #HackingAlert #OnlineSecurity #DataProtection #MultiFactorAuthentication #CyberThreats #StaySafeOnline #Technijian #SecurityTips

Mfa-bypass ontrafeld: waarom meerfactor-authenticatie niet volstaat / Hacking / Cybercrime / Menu Onderwijs & Ontwikkeling | CyberCrimelnfo.nl | De bibliotheek van Cybercrime en Darkweb MFA is niet onfeilbaar: ontdek hoe cybercriminelen authenticatie omzeilen met technieken zoals phishing, MFA-fatigue en sim-swapping. Leer effectieve verdedigingsstrategieën.

#MFA #Cybercrime #Hacking #Authentication #Phishing #MFABypass #SimSwapping #SocialEngineering #MFAFatigue #SecurityAwareness #DefenseInDepth #CyberSecurity #PhishingResistantMFA #EndpointDetection #EDR #IncidentResponse #Security #CyberAttack #Darkweb #HumanFactor

www.ccinfo.nl/menu-onderwi...

🌐 How Tycoon 2FA Works
It uses AiTM to intercept credentials & MFA tokens via a reverse proxy, then steals session cookies for persistent access. #AiTM #MFAbypass

AuthQuake Bypass Shows Not All MFA Is Equal Learn how AuthQuake exploited loopholes in Microsoft Authenticator to cause MFA bypass, and how this shows the need for stronger auth factors like passkeys.

After all the dust has settled, what can we learn from #AuthQuake?

This blog covers:

✅ How AuthQuake works
✅ The rise of #mfabypass
✅ Why #passkeys are (almost always) the answer

🔗 : www.descope.com/blog/post/au...

Hat tip to Oasis Security for the groundbreaking research (pun somewhat intended)

MFA bypass becomes a critical security issue as ransomware tactics advance - Help Net Security MFA bypass through session hijacking is now seen as the top emerging threat for organizations hit by ransomware in the past year.

MFA bypass becomes a critical security issue as ransomware tactics advance
www.helpnetsecurity.com/2024/09/24/r...
#Infosec #Security #Cybersecurity #CeptBiro #MFAbypass #CriticalSecurityIssue #RansomwareTacticsAdvance