Open Directory Exposes Three Evilginx Phishing Operators
Misconfigured server exposed three phishing operators running Evilginx forks to bypass MFA
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Misconfigured server exposed three phishing operators running Evilginx forks to bypass MFA
Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA
A new cybercriminal toolkit uses proxies to mimic popular online services and represents a “significant escalation in phishing infrastructure,” warn researchers at Abnormal
Threat actors posing as IT support teams use phishing kits to generate fake login sites in real-time to trick victims into handing over credentials
Whisper 2FA is now one of the most active PhaaS tools alongside Tycoon and EvilProxy, responsible for one million attacks since July 2025
The tech giant has released its second Secure Future Initiative (SFI) progress report, showcasing its ongoing efforts to improve cybersecurity
Security firm Barracuda said it has detected more than a million phishing-as-a-service (PhaaS) attacks in 2025
Astaroth is an advanced phishing kit using real-time credential and session cookie capture to compromise Gmail, Yahoo and Office 365 accounts
A sophisticated phishing campaign targeting Microsoft ADFS has been observed, affecting more than 150 organizations
Threat researchers analyzed the updated Tycoon 2FA phishing kit, which bypasses MFA
The US Cybersecurity and Infrastructure Security Agency recommended users turn on phishing-resistant MFA and switch to Signal-like apps for messaging
Discovered by Sekoia in 2023, the kit is associated with Adversary-in-The-Middle (AiTM) attacks
Darktrace reveals a novel phishing campaign where attackers leveraged legitimate Dropbox infrastructure to steal credentials before bypassing MFA
FIDO Alliance’s third Online Authentication Barometer showed that AI-powered phishing is slowly prompting users to switch passwords for multi-factor authentication methods
Proofpoint reveals surge in direct financial losses from attacks
The guidelines describe methods threat actors use to steal MFA credentials and how to defend against them
The tool highlights the growth in attacks against online services and MFA authorization mechanisms
A large-scale phishing campaign stole passwords, hijacked a user’s sign-in session and skipped the authentication process even if MFA was enabled
Proofpoint warns of use of transparent reverse proxies