mfa-bypass

Helpdesk Squeeze: BlackFile and the Vishing Revival

John Z Black Apr 27, 2026

Threat Intelligence #vishing #social-engineering #ransomware #retail #mfa-bypass

A new extortion group called BlackFile is making millions by doing something shockingly low-tech: calling your helpdesk and asking them to hand over access.

The W3LL Takedown Is the Third Major PhaaS Bust in 2026. The FBI Is Running a Campaign.

John Z Black Apr 13, 2026

Ransomware & Cybercrime #phishing #phaas #fbi #law-enforcement #mfa-bypass #cybercrime

FBI Atlanta and Indonesian police dismantled W3LL, a full-service phishing-as-a-service platform that had been running since 2019 and was explicitly designed to bypass MFA. It's the third major PhaaS takedown in 2026, and that pattern matters more than any single bust.

Russia's GRU Hijacked 18,000 Routers to Steal Microsoft 365 Tokens Without a Single Piece of Malware

John Z Black Apr 8, 2026

Threat Intelligence #apt28 #russia #dns-hijacking #microsoft-365 #oauth #mfa-bypass #soho-routers

APT28 changed the DNS settings on 18,000 home routers and stole Microsoft 365 tokens after users completed MFA. No malware needed. Your second factor was irrelevant.

AI-Written Phishing Emails Get Clicked 450% More Often. The Data Is In.

John Z Black Apr 6, 2026

AI Security #ai #phishing #microsoft #rsac-2026 #tycoon2fa #mfa-bypass #social-engineering

Microsoft telemetry shows AI-assisted phishing lures hit a 54% click-through rate versus 12% for traditional campaigns, a 450% increase that breaks conventional security awareness training.

Device Code Phishing Is Up 37.5x and Ten Kits Are Competing for Market Share

John Z Black Apr 5, 2026

Ransomware & Cybercrime #device-code-phishing #oauth #phishing-kits #eviltokens #mfa-bypass #phaas

Device code phishing attacks surged 37.5x in 2026 with at least ten competing kits now selling the technique to low-skill criminals.

31.4 Terabits in 35 Seconds: Cloudflare's New Threat Report Shows Attacks Have Gone Industrial

John Z Black Mar 29, 2026

Threat Intelligence #cloudflare #ddos #botnet #threat-report #aisuru #kimwolf #session-tokens #mfa-bypass #telecom #doj

Cloudflare's 2026 threat report documents a record-breaking 31.4 Tbps DDoS attack and reveals that 94% of bot-driven login attempts now bypass MFA by stealing session tokens instead of passwords.

340+ Organizations Hit by M365 Phishing That Bypasses MFA Without Touching Your Password

John Z Black Mar 26, 2026

Threat Intelligence #phishing #microsoft-365 #oauth #mfa-bypass #enterprise-security

A device code OAuth phishing campaign has compromised 340+ organizations since February 2026, bypassing MFA and surviving password resets. It's still running.

Tycoon2FA Is Back. It Never Really Left.

John Z Black Mar 24, 2026

Ransomware & Cybercrime #tycoon2fa #phishing-as-a-service #phaas #mfa-bypass #europol #crowdstrike

Europol disrupted Tycoon2FA on March 4. Recovery started the same day. No arrests. By March 23 it was fully operational again. Here's why infrastructure-only takedowns keep failing.