AiTM Archives • Daily CyberSecurity

The Compliance Trap: How a 13,000-Org Phishing Wave Bypasses MFA via AiTM Proxying AiTM Phishing Campaign Microsoft MFA Bypass

The Compliance Trap: How a 13,000-Org Phishing Wave Bypasses MFA via AiTM Proxying

Do Son May 5, 2026

Microsoft’s Defender Security Research and Threat Intelligence teams have sounded the alarm on a massive, highly sophisticated...

Inside Canis C2: The ‘Wide Open’ Surveillance Engine Targeting Every Major OS Canis C2 Surveillance System

Inside Canis C2: The ‘Wide Open’ Surveillance Engine Targeting Every Major OS

Do Son April 14, 2026

In the world of cyber espionage, discovering a new Command and Control (C2) framework is often a...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

APT28 Hijacks Home Routers to Steal Corporate Credentials

Do Son April 8, 2026

In a major technical disclosure, the UK National Cyber Security Centre (NCSC) has detailed a sophisticated campaign...

Trusted Tool Weaponized: Lotus Blossom Hijacks Notepad++ Updates

Do Son February 16, 2026

A new report from Unit 42 has exposed a highly targeted supply chain attack that turned one...

The “All-in-One” Spy: DKnife Malware Hijacks Routers to Swap Downloads DKnife Malware Router AitM Framework

The “All-in-One” Spy: DKnife Malware Hijacks Routers to Swap Downloads

Do Son February 9, 2026

A powerful new cyber weapon has been discovered lurking in routers and edge devices, capable of monitoring...

Evasive Panda APT Hijacks Dictionary.com and App Updates in Two-Year Spree Evasive Panda, AitM

Evasive Panda APT Hijacks Dictionary.com and App Updates in Two-Year Spree

Do Son December 25, 2025

A notorious cyber-espionage group has spent the last two years conducting a highly targeted surveillance campaign, hijacking...

Hackers Weaponize npm to Hunt Critical Infrastructure Sales Teams Supply Chain Phishing, npm Abuse

Hackers Weaponize npm to Hunt Critical Infrastructure Sales Teams

Do Son December 25, 2025

A new investigation by The Socket Threat Research Team has uncovered a sophisticated spear-phishing operation that has...

A Silent Threat: How a Stealthy Campaign Is Stealing ScreenConnect Credentials for Ransomware ScreenConnect, credential harvesting

A Silent Threat: How a Stealthy Campaign Is Stealing ScreenConnect Credentials for Ransomware

Do Son August 28, 2025

The Mimecast Threat Research team, led by Samantha Clarke, has exposed an ongoing credential harvesting campaign (designated...

Phishing-Resistant No More? New Attack Bypasses FIDO Passkeys with Downgrade Trick FIDO passkeys, downgrade attack

Phishing-Resistant No More? New Attack Bypasses FIDO Passkeys with Downgrade Trick

Do Son August 14, 2025

FIDO-based passkeys are widely regarded as one of the strongest defenses against phishing and account takeover (ATO)...

PoisonSeed’s MFA-Resistant Phishing Kit Exposed: A Deep Dive into Precision-Validated Credential Theft

Do Son August 13, 2025

A new NVISO investigation has revealed the inner workings of PoisonSeed, a sophisticated threat actor whose tactics...

The OAuth Phishing Trap: Proofpoint Exposes AiTM Attacks That Bypass MFA to Hijack Cloud Accounts Fake Microsoft landing page, capturing MFA

The OAuth Phishing Trap: Proofpoint Exposes AiTM Attacks That Bypass MFA to Hijack Cloud Accounts

Do Son August 2, 2025

Proofpoint has revealed a persistent wave of adversary-in-the-middle (AiTM) phishing campaigns that exploit Microsoft OAuth applications to...

Russian State Hackers Spy on Moscow Embassies via ISP-Level AiTM Attacks WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

Russian State Hackers Spy on Moscow Embassies via ISP-Level AiTM Attacks

Do Son August 1, 2025

A covert cyberespionage operation by Russian state actor Secret Blizzard has been targeting foreign embassies in Moscow,...

Scanception: Global QR Code Phishing Campaign Bypasses Enterprise Security, Steals Credentials at Scale QR Code Phishing, Credential Harvesting

Scanception: Global QR Code Phishing Campaign Bypasses Enterprise Security, Steals Credentials at Scale

Do Son July 21, 2025

Cyble Research and Intelligence Labs (CRIL) has uncovered an ongoing global phishing campaign that weaponizes QR codes...

New Phishing-as-a-Service Kits Bypass MFA & Target Microsoft 365 Users Globally! Phishing-as-a-Service, AiTM

New Phishing-as-a-Service Kits Bypass MFA & Target Microsoft 365 Users Globally!

Do Son May 31, 2025

Since September 2023, Trustwave’s Threat Intelligence Team has been tracking a sophisticated phishing ecosystem operated by Storm-1575,...

AiTM Attacks Bypass MFA Despite Widespread Adoption cyber

AiTM Attacks Bypass MFA Despite Widespread Adoption

Do Son May 4, 2025

Despite widespread adoption of multi-factor authentication (MFA) as a critical safeguard against unauthorized access, cybercriminals are once...

SessionShark: New Phishing Kit Bypasses Office 365 MFA MFA Bypass, SessionShark

SessionShark: New Phishing Kit Bypasses Office 365 MFA

Do Son April 28, 2025

Security researchers at SlashNext have uncovered a disturbing new tool emerging in cybercrime networks: SessionShark O365 2FA/MFA....

Microsoft Warns of Sophisticated Identity Phishing Campaigns Misusing File Hosting Services

Do Son October 8, 2024

Microsoft Threat Intelligence has identified a rising trend of phishing campaigns exploiting legitimate file hosting services like...

Chinese Hackers StormBamboo Target ISP to Deliver Malware via Updates StormBamboo - Evasive Panda

Chinese Hackers StormBamboo Target ISP to Deliver Malware via Updates

Do Son August 5, 2024

According to a new report from Volexity, in mid-2023, the Chinese group StormBamboo (aka Evasive Panda) infiltrated...

Critical Alert 1 Active Exploit Detected Today