Ars Technica

Why MFA is getting easier to bypass and what to do about it

An entire cottage industry has formed around phishing attacks that bypass some of the most common forms of multifactor authentication (MFA) and allow even non-technical users to quickly create sites ...
The Hacker News

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

MFA prompt bombing enabled Cisco attackers to steal 2.8GB in 2022, exposing push MFA weaknesses and account takeover risks.
Bleeping Computer

How attackers are still phishing "phishing-resistant" authentication

As awareness grows around many MFA methods being “phishable” (i.e. not phishing resistant), passwordless, FIDO2-based authentication methods (aka. passkeys) like YubiKeys, Okta FastPass, and Windows ...