#MFA
13 stories taggedMFA.

Your Business Is Not Too Small to Be an Iranian Hacker's Next Target
Groups linked to Iran's intelligence services are not hand-picking victims. They are scanning the internet for any door left unlocked, and a GPS company and a medical-device maker have already paid the price.

81 Million Login Attempts: A Massive Password Spray Attack Hit Microsoft 365 Users
Criminals hammered Microsoft accounts with automated login attempts for two weeks. At least 78 accounts were broken into — and many victims had multi-factor authentication switched on, just not set up correctly.

Ousaban Resurfaces in Iberia, Hiding Bank-Stealer Payloads Inside Images
A Brazilian trojan pivots to Spanish and Portuguese banking customers, using geofenced PDF lures and steganography to bury its real payload.

The Service Desk Is the New Phishing Inbox
Help desks keep getting talked out of MFA resets. The fix is less about training and more about treating identity verification like an auth protocol.

MFA Alone Won't Save You: What Modern Attackers Know That Defenders Don't
A practitioner-focused webinar examines how threat actors sidestep conventional detection controls and why single-layer authentication assumptions are failing organizations.

Zero Trust Turns 15 and Still Can't Get Out of Its Own Way
The 'never trust, always verify' model isn't failing because the idea is wrong. It's failing because organizations keep treating a security philosophy like a SKU.

First-Day Passwords Are Still IAM's Soft Underbelly
Temporary onboarding credentials keep showing up in breach forensics. The problem isn't laziness — it's that most IT teams never actually defined what 'temporary' means.

Infostealers Are Now the Front Door for Ransomware Gangs
Credential theft at industrial scale has made exploit-based initial access look quaint. Here's why stolen session tokens are reshaping the attack chain.

Meta's AI Support Bot Handed Out Password Resets to Anyone Who Asked Nicely
A pro-Iran Telegram channel published a walkthrough showing how Instagram's conversational recovery assistant could be talked into linking attacker-controlled email addresses to target accounts. The Obama White House and a senior U.S. Space Force account were briefly defaced.

When 'Minor Foothold' Means Full Account Takeover: The Week IAM Bent the Wrong Way
A Claude security plugin, an Azure privilege-escalation chain, and a Kali365 MFA bypass all land in the same news cycle. Identity is still the soft underbelly.

The Perimeter Is Gone. Attackers Already Knew That.
Modern intrusions rarely crack the wall. They walk through the front door, wearing your credentials.

Twenty Years of Cyber Lessons and We're Still Losing on the Basics
The industry spent two decades reinventing its philosophy — perimeter defense to assume-breach — yet the attacks that still hit hardest exploit the same unpatched, misconfigured, un-MFA'd mistakes we should have buried years ago.

Prompt Bombing Turned Your Second Factor Into a Doorbell Nobody Stops Ringing
Attackers stopped trying to steal push notifications. They just wait for tired users to tap 'approve' at 2 a.m.