Bleeping Computer

New Mamba 2FA bypass service targets Microsoft 365 accounts

An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. Additionally, Mamba 2FA offers ...
Bleeping Computer

New Rockstar 2FA phishing service targets Microsoft 365 accounts

A new phishing-as-a-service (PhaaS) platform named 'Rockstar 2FA' has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials. Like other AiTM ...
Forbes

Microsoft Password Spray And Pray Attack Targets Accounts Without 2FA

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Update, Feb. 27, 2025: This story, originally published Feb.
SiliconANGLE

Whisper 2FA kit steals Microsoft 365 credentials and MFA tokens in real time

A new report released today by cloud cybersecurity firm Barracuda Networks Inc. details a rapidly evolving phishing-as-a-service kit dubbed Whisper 2FA that’s designed to steal Microsoft 365 ...
techtimes

Hackers Target Gmail, Microsoft Accounts by Bypassing 2FA Protection in Phishing Platforms

Recent observations by cybersecurity analysts reveal a concerning trend in the field of cybersecurity: the emergence of a new phishing-as-a-service (PhaaS) platform dubbed "Tycoon 2FA." This tool is ...