Latest news
Phishing
AWS AiTM Phishing Kit Bypasses MFA to Hijack Cloud Console Sessions in Real Time
29 June 2026 dark6
A real-time adversary-in-the-middle phishing kit has been targeting AWS engineers, stealing credentials and MFA codes simultaneously to hijack cloud sessions...
Phishing
Tycoon 2FA Phishing Kit Bypasses MFA at Scale — 62% of Microsoft 365 Phishing Attempts Linked to Single Threat Actor
28 May 2026 dark6
The Tycoon 2FA phishing-as-a-service kit, operated by threat actor Storm-1747, is bypassing multi-factor authentication on Microsoft 365 and Google Workspace...
Phishing
CORDIAL SPIDER and SNARKY SPIDER Deploy AiTM Pages to Breach SharePoint, HubSpot, and Google Workspace
2 May 2026 dark6
Two threat groups are deploying adversary-in-the-middle phishing pages combined with voice phishing to bypass MFA and hijack enterprise SaaS sessions....