A new phishing kit named SessionShark has been discovered, capable of bypassing multi-factor authentication (MFA) to steal Office 365 login credentials. This kit employs sophisticated techniques that make it easier for attackers to gain unauthorized access to sensitive accounts, raising concerns about the effectiveness of current security measures.