Google Chrome has introduced a powerful new security feature designed to stop attackers hijacking user sessions; even when two-factor authentication is enabled. By binding session credentials to a specific device, this update significantly reduces the risk of account takeover. Here’s what it means for your security posture.

Tycoon2FA is evolving again, now abusing Microsoft’s legitimate device login process to hijack Microsoft 365 accounts while bypassing traditional phishing protections. Learn how device-code phishing works, why MFA alone may not be enough, and what organisations can do to better secure Entra ID and Microsoft 365 environments.

Multi-stage “code of conduct” phishing used PDF lures and CAPTCHA gating to drive victims into an AiTM proxy that stole session tokens and bypassed MFA at scale.