The attack abused misconfigured conditional access policies to bypass multi-factor authentication protections.
Hackers launched 81 million login attempts against Microsoft 365, exploiting Azure CLI and MFA configuration gaps to ...
The attack exploited previously exposed credentials and flaws in enterprises’ multi-factor authentication configurations.
An aggressive password-spraying campaign targeting Microsoft 365 environments generated more than 81 million login attempts over a two-week period.
The FBI warns about Kali365, a phishing scam targeting Microsoft 365 accounts that can bypass multifactor authentication ...
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA ...
A new report released today by cloud cybersecurity firm Barracuda Networks Inc. details a rapidly evolving phishing-as-a-service kit dubbed Whisper 2FA that’s designed to steal Microsoft 365 ...
Researchers from Check Point have discovered a new phishing campaign, abusing a legitimate Microsoft product in an attempt to steal people’s login credentials. In a new blog post, published earlier ...
The US Federal Bureau of Investigation (FBI) has issued an alert warning Microsoft 365 users about a rapidly emerging phishing campaign known as "Kali365", a malicious platform that allows ...
A highly organized phishing-as-a-service operation (PhaaS) is targeting Microsoft 365 accounts across financial firms with business email compromise (BEC) attacks that leverage a two-factor ...
Microsoft has confirmed an outage that affected its multi-factor authentication (MFA) system, causing service disruptions for users attempting to access Microsoft 365 applications. The issue, ...