#MFA bypass
5 stories taggedMFA bypass.

A Phishing Crew Forgot to Lock Its Own Front Door
A single sloppy command in a shell history file handed French researchers the full toolkit behind three live Microsoft 365 phishing operations.

Two Scattered Spider Members Plead Guilty as London Trial Opens
Thalha Jubair and Owen Flowers admitted roles in the TfL intrusion and a sprawling SIM-swap and SMS-phishing operation that turned harvested SSO credentials into nine-figure ransom payouts.

Device Code Phishing Is Eating MFA. Behavioral Detection Is the Backstop.
Token theft and consent-grant abuse sidestep the second factor entirely. Defenders are leaning on anomaly detection because the login looks legitimate.

Kali365 Phishing Kit Hijacks Microsoft OAuth Tokens to Silently Bypass MFA
The FBI has flagged a device-code phishing campaign powered by Kali365, a toolkit that steals OAuth tokens tied to Microsoft 365 accounts without ever touching a user's password.

FBI flags Kali365, the latest phishing kit pitched at draining Microsoft 365 tenants
The bureau says the subscription-priced service abuses OAuth device-code flows to lift session tokens and walk straight past MFA.