Threats Tagged 'mfa bypass'
View all threats tagged with 'mfa bypass'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'mfa bypass'
Click on any threat for detailed analysis and mitigation recommendations
World Cup 2026 Mobile Targeted Phishing: The Global Social Engineering Threat 0 Multiple phishing campaigns are exploiting the FIFA World Cup 2026 event to target mobile users globally. These campaigns use typosquatting, institutional spoofing, and impersonation of major sports retailers to harvest credentials. A sophisticated recruitment fraud campaign also targets corporate Google Workspace accounts with an Adversary-in-the-Middle platform capable of bypassing MFA. Attack vectors include SMS, WhatsApp, and search engines, leveraging emotional urgency and ticket scarcity. This creates risks for enterprises as employees may access work resources via compromised personal devices. Join the discussion | AlienVault OTX General | 06/11/2026, 21:09:38 UTC Added: 06/15/2026, 19:15:22 UTC |
Latest goon squad to use fake helpdesk calls to steal creds 0 A new extortion group called Pink, tracked as cluster CL-CRI-1147, employs voice phishing and fake IT helpdesk impersonation to compromise organizations. The gang steals employee credentials, bypasses multi-factor authentication, and exfiltrates data from cloud storage platforms like SharePoint and OneDrive. Pink threatens to leak stolen information unless ransom demands are met, setting 72-hour deadlines. The group's data-leak site launched on May 31, 2026. This approach mirrors tactics popularized by Lapsus$, Scattered Spider, and ShinyHunters. Incident responders link Pink to The Com, a loosely connected network of English-speaking hackers and extortionists. Attackers use compromised victim accounts and internal Teams messages for extortion communications, reusing domains across multiple targets. Join the discussion | AlienVault OTX General | 06/04/2026, 22:52:18 UTC Added: 06/05/2026, 06:33:37 UTC |
From Token Bingo to MAX Takeover: Kali365 Operator Expands Operation Across Microsoft Outlook, Okta, Xerox DocuShare, and Other Services 0 A significant expansion of the Kali365 phishing-as-a-service operation has been observed, now targeting multiple platforms beyond Microsoft 365. The operator abuses OAuth 2.0 device authorization flows to bypass MFA and steal authentication tokens. Key discoveries include a live command-and-control panel infrastructure, a phishing campaign impersonating MAX Messenger (Russia's state-backed messaging platform with 110 million users) through fake prize-claim flows, and a cluster of 126 malicious hosts impersonating services including Microsoft Outlook, Okta SSO, Xerox DocuShare, Mail.ru, Yandex Disk, and Odnoklassniki. The operation demonstrates a deliberate focus on Russian consumer platforms alongside Western enterprise targets, utilizing Telegram bots for credential exfiltration and employing a multi-tenant phishing platform distributed through Telegram channels. Join the discussion | AlienVault OTX General | 06/02/2026, 19:07:01 UTC Added: 06/03/2026, 09:33:37 UTC |
Showing 1 to 3 of 3 results