Tag

MFA-Bypass

4 briefs RSS

Microsoft Entra ID Temporary Access Pass (TAP) Abuse for MFA Bypass and Persistence

An attacker with elevated privileges abuses the Microsoft Entra ID Temporary Access Pass (TAP) feature to bypass multi-factor authentication (MFA), gain unauthorized access to target user accounts, and establish persistence by registering new authentication methods.

Microsoft Entra ID cloud identity azure entra-id mfa-bypass persistence lateral-movement initial-access

3r 2t 2d ago

high threat

SonicWall Gen6 SSL-VPN MFA Bypass via CVE-2024-12802

2 rules 1 TTP 1 CVE

Threat actors exploited CVE-2024-12802, a vulnerability in SonicWall Gen6 SSL-VPN appliances, to bypass multi-factor authentication (MFA) after brute-forcing VPN credentials, leading to the deployment of ransomware-related tools.

Gen6 SSL-VPN appliances +2 Initial Access Broker vpn mfa-bypass cve-2024-12802 sonicwall initial access

2r 1t 1c May 20, 2026

high advisory

Tycoon2FA PhaaS Platform Resurgence After Takedown

2 rules 2 TTPs 1 IOC

The Tycoon2FA phishing-as-a-service (PhaaS) platform, disrupted in March 2026, has resurged with consistent tactics, employing adversary-in-the-middle (AITM) techniques to bypass MFA and compromise email accounts through phishing campaigns, credential theft, and session cookie hijacking.

phishing credential-theft MFA-bypass

2r 2t 1i Mar 28, 2026

high advisory

Tycoon2FA Phishing-as-a-Service Resurgence After Takedown

2 rules 2 TTPs 1 IOC

The Tycoon2FA Phishing-as-a-Service platform, used to bypass multifactor authentication (MFA), has resurged to pre-takedown levels of activity following a disruption effort in March 2026, maintaining its original tactics, techniques, and procedures (TTPs) for credential harvesting and cloud compromise.

phishing credential-theft MFA-bypass phishing-as-a-service

2r 2t 1i Mar 28, 2026