11 matches found

The Hacker News
added 2026/05/19 11:30 a.m., 10 views

The New Phishing Click: How OAuth Consent Bypasses MFA

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogi...

5.9 AI score
Exploits 0

RedhatCVE
added 2026/01/15 4:20 p.m., 3 views

CVE-2025-37184

A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacker to bypass multi-factor authentication requirements. Successful exploitation could allow an attacker to create an admin user account without the necessary multi-factor authentication, thereby...

9.8 CVSS, 7.2 AI score, 0.00365 EPSS
Exploits 0, References 1

OSV
added 2026/01/14 5:16 p.m., 1 views

CVE-2025-37184

A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacker to bypass multi-factor authentication requirements. Successful exploitation could allow an attacker to create an admin user account without the necessary multi-factor authentication, thereby...

9.8 CVSS, 5.8 AI score
Exploits 0, References 1

NVD
added 2026/01/14 5:16 p.m., 6 views

CVE-2025-37184

A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacker to bypass multi-factor authentication requirements. Successful exploitation could allow an attacker to create an admin user account without the necessary multi-factor authentication, thereby...

9.8 CVSS, 0.00365 EPSS
Exploits 0, References 1

OSV
added 2025/12/18 9:15 p.m., 3 views

CVE-2025-62004

BullWall Server Intrusion Protection (SIP) services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...

7.7 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits 0, References 2

OSV
added 2025/11/17 11:47 p.m., 2 views

BIT-MOODLE-2025-62398 Moodle: possible to bypass mfa

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

5.4 CVSS, 6.9 AI score, 0.00069 EPSS
Exploits 0, References 3

Github Security Blog
added 2025/10/23 12:31 p.m., 5 views

Moodle does not properly enforce MFA

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

5.4 CVSS, 7.1 AI score, 0.00069 EPSS
Exploits 0, References 7, Affected Software 1

RedhatCVE
added 2025/10/16 3:19 p.m., 4 views

CVE-2025-62398

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

5.4 CVSS, 7.1 AI score, 0.00069 EPSS
Exploits 0, References 2

Veracode
added 2025/08/20 10:16 a.m., 4 views

Authentication Bypass

Vault is vulnerable to authentication bypass. The vulnerability is due to insufficient enforcement of MFA login rate limits and TOTP token reuse, which allows an attacker to bypass MFA protections and reuse valid tokens for unauthorized access...

5.7 CVSS, 7.3 AI score, 0.00072 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2024/09/07 5:15 p.m., 2 views

CVE-2024-40713

A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA...

7.8 CVSS, 5.7 AI score, 0.00024 EPSS
Exploits 0, References 1

Positive Technologies
added 2023/08/10 12:0 a.m., 3 views

PT-2023-25189 · Serv-U · Serv-U

Name of the Vulnerable Software and Affected Versions: Serv-U version 15.4

Description: A vulnerability has been identified that allows an actor to bypass multi-factor or two-factor authentication. The actor must have administrator-level access to perform this action.

Recommendations: For Serv-U...

7.2 CVSS, 6.9 AI score, 0.00058 EPSS
Exploits 0, References 3