The Hacker News

Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication

Starkiller phishing suite uses live reverse proxying to bypass MFA, while attackers abuse OAuth device codes to hijack Microsoft 365 accounts.
Forbes

New 2FA Security Warning—30 Million Authentication Cookies Up For Sale

Update, Dec. 03, 2024: This story, originally published Dec. 02, now updated to reflect the 2FA-bypass security threat beyond Black Friday and Cyber Monday. The busiest period of online shopping, ...
Dark Reading

Facebook Bug Allows 2FA Bypass Via Instagram

A bug-bounty hunter found an issue in Meta's Instagram API endpoints that could allow a threat actor to launch brute-force attacks and bypass two-factor authentication (2FA) on Facebook. The ...
Bleeping Computer

Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass

Over 10,000 Fortinet firewalls are still exposed online and vulnerable to ongoing attacks exploiting a five-year-old critical two-factor authentication (2FA) bypass vulnerability. Fortinet released ...