#mfa-bypass
5 articles
This archive collects 8 articles tagged mfa-bypass published between April 13, 2026 and April 28, 2026, giving security teams a focused view of how this topic has appeared across ZCyberNews coverage. Observed actor references include Storm-2755 and Tycoon 2FA, presented only where the underlying article metadata supports the attribution. The affected-scope signals emphasize all, enterprise, and finance across Canada, Global, and North america, helping readers compare exposure patterns without adding claims beyond the archive data. Severity coverage includes 8 high reports.
HIGHDeepfake Voice Attacks Outpace Defenses, Bypass MFA
Adaptive Security finds 3 seconds of audio enough to clone a voice for fraud; deepfake calls tricked employees into wiring $243K in one case. No detection tool caught the attack.
HIGHTycoon 2FA Phishing Kit Disruption Fuels Surge in Copycat Attacks
The disruption of the Tycoon 2FA phishing-as-a-service platform has led to a surge in copycat attacks, as threat actors reuse its tools and techniques in other kits, increasing the overall volume of multi-factor authentication bypass attempts.
HIGHTycoon 2FA Phishing Group Shifts to Device Code Attacks
The Tycoon 2FA phishing group has abandoned its namesake toolkit, adopting device code phishing to bypass multi-factor authentication and compromise Microsoft 365 and Gmail accounts.
HIGHAttackers Shift from Phishing to Social Engineering for Okta Compromise
Threat actors are bypassing email security by using phone-based social engineering to target IT help desks and compromise Okta identity systems, enabling initial access to corporate networks.
HIGHStorm-2755 Hijacks Payroll via AiTM Attacks
Financially motivated group Storm-2755 targets Canadian employees using AiTM session hijacking to redirect salary payments.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.