1. EvilTokens PhaaS Campaign Bypasses MFA at Scale Across 344 Organizations in 16 Days
Security researchers at Huntress have identified a highly automated Phishing-as-a-Service operation dubbed EvilTokens, which has successfully bypassed multi-factor authentication at scale by exploiting OAuth 2.0 device authorization flows. The campaign targeted at least 344 organizations over a 16-day window, represent...