Secure Bulletin Navigating the cyber sea with knowledge
Home > Tag > MFA bypass
#MFA bypass

81 Million Login Attempts: Massive Password Spray Campaign Bypasses MFA to Compromise Azure and Microsoft 365 Accounts

2 July 2026  |  dark6  |  Cybercrime

A massive automated campaign made 81 million login attempts against Microsoft 365 and Azure CLI accounts between June 12 and June 26, 2026, successfully compromising 78 accounts across...

>> read more

AWS AiTM Phishing Kit Bypasses MFA to Hijack Cloud Console Sessions in Real Time

29 June 2026  |  dark6  |  Phishing

A real-time adversary-in-the-middle phishing kit has been targeting AWS engineers, stealing credentials and MFA codes simultaneously to hijack cloud sessions before they expire. Standard MFA provides zero protection...

>> read more

CVE-2026-48558: Critical SimpleHelp Auth Bypass Exposes 14,000 RMM Servers to Unauthenticated Access

16 June 2026  |  dark6  |  Vulnerability

Horizon3.ai disclosed CVE-2026-48558, a critical authentication bypass in SimpleHelp's OIDC integration that allows unauthenticated attackers to create privileged technician accounts and bypass MFA. Nearly 14,000 internet-exposed servers are...

>> read more

Tycoon 2FA Phishing Kit Bypasses MFA at Scale — 62% of Microsoft 365 Phishing Attempts Linked to Single Threat Actor

28 May 2026  |  dark6  |  Phishing

The Tycoon 2FA phishing-as-a-service kit, operated by threat actor Storm-1747, is bypassing multi-factor authentication on Microsoft 365 and Google Workspace accounts at massive scale. At its peak it...

>> read more