M365 MFA Bypass: Deconstructing the OAuth 2.0 Device Code Phishing Campaign
Deep dive into a sophisticated phishing campaign abusing OAuth 2.0 Device Authorization Grant flow to bypass M365 MFA and steal tokens for persistent access.
mfa-bypass
Operation DoppelBrand: Deconstructing GS7's Fortune 500 Brand Weaponization
In-depth analysis of Operation DoppelBrand, where the GS7 group targets US financial institutions with sophisticated brand impersonations.
Real-Time Vishing Kits: The New Frontier in MFA Bypass and Threat Actor Control
Voice phishing kits empower threat actors with real-time control, bypassing MFA through sophisticated call orchestration and session hijacking.
ShinyHunters' Sophisticated Social Engineering Defeats MFA: A Deep Dive into Next-Gen Data Theft Tactics
ShinyHunters exploit MFA as a pretext in social engineering, bypassing defenses to steal data from major companies like Panera Bread and Match Group.
Mandiant Exposes ShinyHunters-Style Vishing Attacks Stealing MFA for SaaS Breaches
Mandiant details advanced vishing and credential harvesting by ShinyHunters, bypassing MFA to breach SaaS platforms.