A novel Device Code phishing technique automates the authentication process, allowing attackers to bypass FIDO's phishing resistance by redirecting victims to a legitimate authentication page without needing them to manually enter codes. Despite Microsoft's fixes for normal Entra tenants, vulnerabilities remain for federated tenants. The article emphasizes the dangers of this attack model, which can exploit users’ trust in established authentication methods.

OktaGinx is a phishlet designed for Evilginx that enables the bypassing of Okta authentication when used in conjunction with Azure. It incorporates techniques to evade framebusters, enhancing its phishing capabilities.

VoidProxy is a new phishing service that effectively bypasses multi-factor authentication (MFA) from major platforms such as Microsoft and Google. It allows cybercriminals to exploit vulnerabilities in the MFA process, increasing the risk of account breaches for users who rely on these security measures. The service is designed to steal user credentials and session tokens, making it a significant threat to online security.

Facebook has announced support for passkeys, a feature designed to enhance security by reducing the risk of phishing attacks. This move aligns with the broader industry trend towards passwordless authentication methods, aiming to make online experiences safer for users. The integration of passkeys allows users to log in using biometric data or security keys instead of traditional passwords.

A new downgrade attack against Microsoft Entra ID has been developed, which tricks users into using weaker authentication methods, making them vulnerable to phishing and session hijacking. By spoofing a browser that lacks FIDO support, attackers can bypass FIDO authentication and intercept user credentials and session cookies. Although no real-world attacks using this method have been reported yet, the risk remains significant, particularly in targeted scenarios.

Phishing attacks that bypass multifactor authentication (MFA) are becoming increasingly accessible, with tools available that allow even non-technical users to create convincing phishing sites. These attacks utilize a method called "adversary in the middle," where attackers set up proxy servers to intercept login credentials and MFA codes from victims. The rise of phishing-as-a-service toolkits makes it easier for criminals to launch these attacks, posing a significant threat to online security.