Saved February 14, 2026
Do you care about this?
A hacker group called Zestix has exploited vulnerabilities in around 50 companies by stealing credentials through infostealers. The breaches occurred primarily because these organizations failed to implement multifactor authentication (MFA), allowing attackers to access sensitive data easily.
If you do, here's more
A threat actor named Zestix has exploited a lack of multifactor authentication (MFA) to breach the corporate networks of around 50 organizations. These attacks primarily targeted widely used collaboration platforms, allowing Zestix to access sensitive data after stealing credentials through infostealers. The firms affected span various industries, including aviation and construction, with notable victims like Iberia Airlines and Japanese homebuilder Sekisui House.
The process begins when an employee unknowingly downloads a malicious file, which then captures saved credentials and browser history. These details are compiled and sold on the Dark Web. Zestix specifically searches for corporate cloud URLs, using valid usernames and passwords to log into systems that lack MFA. Hudson Rock, the cybersecurity firm reporting these findings, emphasizes that many organizations still fail to enforce MFA, which would have prevented these breaches. The ease of access highlights a significant security lapse in firms that didn't implement basic protective measures.
Hudson Rock's intelligence platform identified thousands of organizations at risk, linking them to compromised credentials. Major consulting firms, retail giants, and government agencies are among those potentially exposed. The report describes the situation as a wake-up call for large organizations to adopt MFA on critical cloud gateways. While MFA isn't infallible, it remains an essential safeguard against attacks like Zestix's, which rely on simple methods rather than sophisticated hacking techniques.