How to Detect AiTM Phishing Attacks
AiTM attacks bypass MFA completely — attackers steal sessions while your tools see nothing wrong. Here is how to detect them.
Stay updated on the latest bypass techniques threatening information security. Discover defenses and trends in system vulnerabilities with our insights.
Search across headline titles and summaries.
Background for this topic.
Bypass describes attacker methods that circumvent specific security controls, such as authentication checks, input validation, or detection systems, without directly exploiting the underlying vulnerability. These techniques often leverage design flaws, misconfigurations, or protocol weaknesses to evade protections like firewalls, multi-factor authentication, or antivirus scanning.
Bypassing controls can enable unauthorized access, data exfiltration, or persistent presence while avoiding alerts, complicating detection and response. Effective defense requires layered security measures, rigorous configuration management, and continuous validation of control effectiveness to identify and close bypass paths before attackers exploit them.
AiTM attacks bypass MFA completely — attackers steal sessions while your tools see nothing wrong. Here is how to detect them.
Okta Alerts Customers' CISOs to Malicious Campaigns Seeking Single Sign-On AccessA surge in attacks that bypass some types of multifactor authentication has been tied to a new generation of voice-phishing toolkits that give attackers the ability to orchestrate what a target sees in their browser, warns a new report from Okta, which is among the services being targeted.
A coordinated campaign has been observed targeting a recently disclosed critical-severity vulnerability that has been present in the GNU InetUtils telnetd server for 11 years. [...]
Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls
Days after admins began reporting that their fully patched firewalls are being hacked, Fortinet confirmed it's working to fully address a critical FortiCloud SSO authentication bypass vulnerability that should have already been patched since early December. [...]
Hackers began exploiting an authentication bypass vulnerability in SmarterTools' SmarterMail email server and collaboration tool that allows resetting admin passwords. [...]
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch
Fortinet customers are seeing attackers exploiting a patch bypass for a previously fixed critical FortiGate authentication vulnerability (CVE-2025-59718) to hack patched firewalls. [...]
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution
GitLab has patched a high-severity two-factor authentication bypass impacting community and enterprise editions of its software development platform. [...]
ACME validation had a challenge-request hole Cloudflare has fixed a flaw in its web application firewall (WAF) that allowed attackers to bypass security rules and directly access origin servers, which could lead to data theft or full server takeover.…
Easy-to-Use Deepfake Services for Criminals Rapidly Improving, Researchers WarnFinancial firms' fraud and risk teams must bolster know-your-customer checks in the face of increasingly effective and affordable deepfake technology and services that can generate synthetic identities, convincing face-swaps and defeat "live" biometric checks to bypass defenses, warn researchers.
Using only natural language instructions, researchers were able to bypass Google Gemini's defenses against malicious prompt injection and create misleading events to leak private Calendar data. [...]
Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it possible to bypass security controls and access origin servers. "The vulnerability was rooted in how our edge network processed requests destined for the ACME HTTP-01 challenge path (/.well-known/acme-challenge/*)," the web infrastructure
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a data extraction mechanism