MFA verifies who logged in. It has no idea what they do next.

What happens after MFA succeeds? How session token theft lets attackers move laterally through enterprise networks without ...

Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution

Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the ...
Windows Report

FBI Warns Kali365 Can Bypass Microsoft 365 MFA Using OAuth Tokens

The FBI warns that Kali365 phishing attacks can bypass Microsoft 365 MFA by stealing OAuth session tokens through device code phishing.
Computerworld

Chrome Token-Theft Extensions, Nadella Europe Sovereignty, ChatGPT Age-Checks | Ep. 41

In today’s 2-Minute Tech Briefing, researchers flag fake Chrome productivity extensions stealing session tokens from Workday, NetSuite, and SuccessFactors. Satya Nadella argues Europe’s sovereignty ...
SecurityWeek

The Credential Crisis: How Stolen Credentials Defeat Modern Security

Stolen credentials and AI-driven attacks are allowing cybercriminals to bypass traditional security defenses and operate as ...
CSOonline

Okta support system breach highlights need for strong MFA policies

Attackers managed to breach identity and access management company Okta’s support system using stolen credentials and extracted valid customer session tokens from uploaded support files, according to ...
Bleeping Computer

Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, ...
Tech Times

Exchange Server OWA Zero-Day CVE-2026-42897 Exploited With No Permanent Patch and New Mitigation Gaps

Microsoft confirmed on May 14 that CVE-2026-42897 — a cross-site scripting flaw in the Outlook Web Access component of Exchange Server 2016, 2019, and Subscription Edition — is under active ...
Dark Reading

Why Tokens Are Like Gold for Opportunistic Threat Actors

Authentication tokens aren't actual physical tokens, of course. But when these digital identifiers aren't expired regularly or pinned for use by a specific device only, they may as well be made of ...