Open Directory Exposes Three Evilginx Phishing Operators
Misconfigured server exposed three phishing operators running Evilginx forks to bypass MFA
MFA reduces account takeover by requiring another proof of identity, limiting damage from stolen passwords; protect fallback and recovery paths too.
Search across headline titles and summaries.
Background for this topic.
MFA requires a user to prove identity with at least two different factor types: something they know, have, or are. It limits account takeover when a password is exposed, but protection depends on the factors and their implementation; two passwords are not independent factors, and a one-time code delivered by SMS is generally weaker than a phishing-resistant credential.
Attackers may steal or relay one-time codes through phishing, trigger repeated push prompts to induce approval, exploit weak enrollment or account-recovery processes, or hijack an authenticated session after MFA succeeds. Prefer phishing-resistant methods such as FIDO2/WebAuthn security keys or platform credentials for sensitive access, protect enrollment and recovery as strongly as login, restrict weaker fallbacks, and monitor unusual authentication activity. MFA reduces risk but does not replace endpoint, session, or privileged-access controls.
Weekly headline count for the current query.
Misconfigured server exposed three phishing operators running Evilginx forks to bypass MFA
Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA
A new cybercriminal toolkit uses proxies to mimic popular online services and represents a “significant escalation in phishing infrastructure,” warn researchers at Abnormal
Threat actors posing as IT support teams use phishing kits to generate fake login sites in real-time to trick victims into handing over credentials
Threat actor “Zestix” was able to breach around 50 firms using infostealers because they lacked multi-factor authentication
Whisper 2FA is now one of the most active PhaaS tools alongside Tycoon and EvilProxy, responsible for one million attacks since July 2025
Akira ransomware attacks on SonicWall SSL VPN appliances are bypassing its MFA for rapid deployment
Rapid7 found that 56% of all compromises in Q1 2025 resulted from the theft of valid account credentials with no MFA in place
The tech giant has released its second Secure Future Initiative (SFI) progress report, showcasing its ongoing efforts to improve cybersecurity
The ICO’s Deputy Commissioner told Infosecurity that organizations that fail to implement MFA and suffer a breach can expect heavy penalties
Security firm Barracuda said it has detected more than a million phishing-as-a-service (PhaaS) attacks in 2025
SecurityScorecard revealed that the large-scale password spraying campaign can bypass MFA and security access policies by utilizing Non-interactive sign-ins
Astaroth is an advanced phishing kit using real-time credential and session cookie capture to compromise Gmail, Yahoo and Office 365 accounts
A sophisticated phishing campaign targeting Microsoft ADFS has been observed, affecting more than 150 organizations
Threat researchers analyzed the updated Tycoon 2FA phishing kit, which bypasses MFA
Microsoft confirmed an outage of its multi-factor authentication system impacting access to Microsoft 365, causing login failures and service disruption
The US Cybersecurity and Infrastructure Security Agency recommended users turn on phishing-resistant MFA and switch to Signal-like apps for messaging
Microsoft MFA flaw exposed that allowed attackers to bypass security within an hour, putting 400m Office 365 accounts at risk
The multi-cloud data warehousing platform said it will completely phase out single factor authentication with passwords by November 2025
Google wants to ensure a smooth transition towards required MFA across all Google Cloud accounts with a phased rollout running throughout 2025