Identity and Access Management

Cybersecurity
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
The FBI warns Kali365, a PhaaS platform on Telegram, exploits Microsoft device code authentication to bypass MFA entirely and capture persistent OAuth tokens.
Cybersecurity
Deleted Google API Keys Stay Active for Up to 23 Minutes
Aikido Security found deleted Google API legacy keys stay functional up to 23 minutes after revocation, a significant window during active incident response.
Cybersecurity
EvilTokens Service Breaches 340 Microsoft 365 Orgs via OAuth Tokens
EvilTokens, a phishing service launched in February 2026, bypassed MFA in 340 Microsoft 365 organizations by stealing OAuth tokens instead of passwords.
CVE Vulnerability Alerts
SonicWall Gen6 MFA Bypass CVE-2024-12802 Left Open by Incomplete Patch
SonicWall's patch for CVE-2024-12802 needed a manual LDAP reconfiguration most admins skipped, leaving Gen6 VPN open to MFA bypass and ransomware access.
Application Security
Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys
Version 18.95.0 of the Nx Console VS Code extension was weaponized for 11 minutes to steal 1Password vaults, AWS credentials, and Claude Code secrets.
Cybersecurity
Storm-2949 Abuses Azure Password Reset to Seize Cloud Accounts
Microsoft tracks Storm-2949, a threat actor using SSPR social engineering to hijack Azure accounts without malware and extract Key Vault secrets and M365 data.
Application Security
GitHub Actions Supply Chain Attack Hijacks actions-cool Tags
Attackers hijacked two actions-cool GitHub Actions workflows via imposter commits, stealing CI/CD credentials from all pipelines that ran them by version tag.
Cybersecurity
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Tycoon2FA's latest update adds device-code phishing that hands attackers a valid Microsoft 365 OAuth token without requiring the victim's password or MFA code.
Cybersecurity
MuddyWater Targeted South Korean Electronics Maker via DLL Sideloading
Iran-linked MuddyWater targeted nine organizations globally in 2026, including a South Korean electronics firm, using legitimate vendor DLLs for sideloading.
Application Security
Google GTIG Documents First AI-Generated Zero-Day Exploit
Google's Threat Intelligence Group confirmed the first AI-generated zero-day exploit, targeting 2FA logic in an open-source web admin tool via LLM-written code.