Service desk social engineering defenses tighten identity verification for password resets and MFA changes

Defensive Guidance
H score 17
1 unique source, 1 article

Summary

Service desk identity verification is being tightened against social engineering attacks, reducing impersonation-driven account takeover and unauthorized access across corporate environments. The guidance centers on password resets, account unlocks, and MFA changes, where attackers often pose as employees or IT staff. Recommended controls include out-of-band confirmation, tighter approval paths, and alerts for repeated recovery requests.

Related Happenings

CISA FortiBleed mitigation guidance

Advisory/Mitigation
H score 67 First: 19.06.2026 09:47 Last: 19.06.2026 09:47 Sources 1

About this happening: **CISA** issued mitigation guidance for **FortiBleed**, urging operators of **internet-accessible Fortinet devices** to harden exposed **FortiGate** and VPN environments after a *...

ICO releases five-step AI cyber guidance

Public Sector Action
H score 18 First: 14.05.2026 12:00 Last: 14.05.2026 12:00 Sources 1

About this happening: The **UK Information Commissioner’s Office (ICO)** released a **five-step guide** urging organizations to prepare for **AI-powered cyber threats**, making it clear that stronger r...

W3LL Microsoft 365 adversary-in-the-middle phishing campaign

Campaign
H score 39 First: 13.04.2026 21:55 Last: 13.04.2026 21:55 Sources 1

About this happening: The **W3LL** phishing operation turned into a high-volume **Microsoft 365** credential-theft campaign, exposing **more than 17,000 victims worldwide** to **BEC** risk. The kit use...

Microsoft AiTM payroll pirate attack mitigation

Advisory/Mitigation
H score 34 First: 10.04.2026 14:56 Last: 10.04.2026 14:56 Sources 1

About this happening: **Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...

Phishing-resistant authentication to block post-breach credential abuse and relay attacks

Defensive Guidance
H score 41 First: 09.04.2026 17:02 Last: 09.04.2026 17:02 Sources 1

About this happening: **Phishing-resistant authentication** is being emphasized as the control that can stop post-breach account takeover when exposed email records fuel **credential stuffing**, **AiTM...

Timeline

  1. 24.06.2026 17:02 · 2 articles

    Service desks require strict identity verification for password resets and MFA changes

    Organizations are advised to harden service desk workflows by requiring strict identity verification for password resets, account unlocks, and multi-factor authentication changes. The guidance calls for out-of-band confirmation, limits on help desk privileges for admin or IT accounts, and logging plus alerts for repeated credential recovery actions on high-risk users.