Security News > 2025 > January > New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
2025-01-17 10:07
Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December. Nearly 100 domains hosting
News URL
https://thehackernews.com/2025/01/new-sneaky-2fa-phishing-kit-targets.html
Related news
- Tycoon2FA phishing kit targets Microsoft 365 with new tricks (source)
- New Windows 11 trick lets you bypass Microsoft Account requirement (source)
- Windows 11 Forces Microsoft Account Sign In & Removes Bypass Trick Option (source)
- Microsoft: Licensing issue blocks Microsoft 365 Family for some users (source)
- Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed (source)
- ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK? (source)
- Microsoft blocks ActiveX by default in Microsoft 365, Office 2024 (source)
- Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins (source)
- Attackers phish OAuth codes, take over Microsoft 365 accounts (source)
- Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts (source)