2FA bypass attacks have evolved, and that’s bad news for Gmail and Microsoft users as newly modified threats hit their targets.
Update, April 15, 2025: This story, originally published April 13, has now been updated with details of how real-time email validation helps attackers, along with further information from Trustwave detailing how attackers obfuscate their 2FA bypass phishing threats.
Bernard Bautista and Kevin Adriano, also working at Trustwave, have reported how threat actors are using harmless-looking images to hide what are actually dangerous links in a phishing attack. The researchers have described a “major spike” in this type of attack obfuscation.
The problem is, if it really needed any further explanation, that these malicious scripts can be executed without the need for explicit user interaction, and they are more difficult for security tools to detect and block. Plus, of course, the small matter of people having an elevated yet false sense of security when it comes to images, including SVG files, which are often treated as being of no risk at all.
The report said the impact on cybersecurity and security operations center teams should not be ignored. Both of these teams are significantly hindered from completing any further analysis or investigation when this precision-validated credential theft technique is deployed. Ultimately, the report concludes that the selective nature of precision-validated phishing attacks means that detection through any kind of shared threat intelligence is harder to accomplish as well. “Since phishing pages do not serve malicious content to everyone,” Mamaril warned, “some traditional URL scanning tools may fail to flag them as threats.”