Find notable cyber news and cases, enriched with sources, timelines, and signals.

Phishing-resistant authentication to block post-breach credential abuse and relay attacks

Defensive Guidance
First reported
Last updated
Happening score
H score 41
1 unique sources, 1 articles

Summary

Hide ▲

Phishing-resistant authentication is being emphasized as the control that can stop post-breach account takeover when exposed email records fuel credential stuffing, AiTM relay attacks, and help desk social engineering. Legacy push, SMS, and TOTP factors can be relayed or fatigued into approval, so they do not reliably prove the real user is present. The guidance centers on FIDO2/WebAuthn-style controls with cryptographic origin binding, hardware-bound keys, and live biometric verification so the login fails if the origin is spoofed or the authorized person is absent.

Related Happenings

Service desk social engineering defenses tighten identity verification for password resets and MFA changes

Defensive Guidance
H score17 First: 24.06.2026 17:02 Last: 24.06.2026 17:02 Sources 1

About this happening: **Service desk identity verification** is being tightened against **social engineering attacks**, reducing impersonation-driven account takeover and unauthorized access across cor...

CISA FortiBleed mitigation guidance

Advisory/Mitigation
H score67 First: 19.06.2026 09:47 Last: 19.06.2026 09:47 Sources 1

About this happening: **CISA** issued mitigation guidance for **FortiBleed**, urging operators of **internet-accessible Fortinet devices** to harden exposed **FortiGate** and VPN environments after a *...

EvilTokens Microsoft 365 consent phishing campaign

Campaign
H score39 First: 19.05.2026 14:30 Last: 19.05.2026 14:30 Sources 1

About this happening: The **EvilTokens** campaign rapidly compromised **more than 340 Microsoft 365 organizations** across **five countries**, showing how **OAuth grant abuse** can bypass **MFA** and c...

W3LL Microsoft 365 adversary-in-the-middle phishing campaign

Campaign
H score39 First: 13.04.2026 21:55 Last: 13.04.2026 21:55 Sources 1

About this happening: The **W3LL** phishing operation turned into a high-volume **Microsoft 365** credential-theft campaign, exposing **more than 17,000 victims worldwide** to **BEC** risk. The kit use...

Microsoft AiTM payroll pirate attack mitigation

Advisory/Mitigation
H score34 First: 10.04.2026 14:56 Last: 10.04.2026 14:56 Sources 1

About this happening: **Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...

Timeline

  1. 09.04.2026 17:02 2 articles · 3mo ago

    Figure email exposure leads to phishing-resistant auth guidance

    Technical Analysis Update

    A February 2026 Figure breach exposed nearly 967,200 email records and is framed as the starting point for downstream credential stuffing, targeted phishing, help desk social engineering, and adversary-in-the-middle relay attacks that can defeat push, SMS, and TOTP-based MFA. The recommended response is phishing-resistant authentication with cryptographic origin binding, hardware-bound private keys, and live biometric verification so a spoofed origin or relayed session cannot authenticate as the authorized individual.

    Show sources