Security · 1h ago
New Phishing Kits Bypass MFA to Hijack Microsoft 365 Accounts
Two phishing kits, Jalisco and OmegaLord, target Microsoft 365 accounts by abusing device code flows and OAuth tokens to bypass multi-factor authentication. The kits use MFA prompts to trick users into granting persistent access. This technique allows attackers to maintain access even after password changes.
Meridian48 take
While MFA bypass is not new, these kits show attackers are refining methods to exploit legitimate authentication protocols, making detection harder.
Read the full reporting
Jalisco, OmegaLord Phishing Kits Target Microsoft 365 Accounts →
TechRepublic
phishingmicrosoft-365