Cyber Defense Magazine Features Token on Real Time Phishing Relay Attacks

Cyber Defense Magazine’s December issue includes a new article by Kevin Surace, Chair at Token, explaining why real time phishing relay attacks have become the most effective method for bypassing legacy MFA. These attacks are now driving many of the ransomware incidents and data breaches affecting organizations worldwide.

Kevin Surace
1 minute read

Doordash Was Breached for the Same Reason Everyone Is: Legacy MFA

Another Preventable Breach

Another week. Another preventable breach. This time it is Doordash, confirming that a social engineering scam gave attackers access to sensitive customer and driver information. But the real story is not the scam. The real story is the failure behind it.

Kevin Surace
3 minute read

Everyone Who Matters Says Move to Phishing Resistant/Proof MFA Now

What do CISA, NSA, NIST, OMB, DHS, the Department of Defense, Gartner, Microsoft, Google, the FIDO Alliance, and the entire cyber insurance industry know that so many organizations are still ignoring?

Kevin Surace
2 minute read

Tycoon 2FA and the Collapse of Legacy MFA

As seen in Bleeping Computer

The Tycoon 2FA phishing kit signals a turning point in the battle against account takeover. This is not a tool built for elite attackers. It is a plug-and-play phishing kit that anyone can deploy, with zero coding skill required. Tycoon automates everything: setup, fake login pages, reverse proxy servers, real-time credential capture, and full MFA relay.

Kevin Surace
1 minute read

Breaking the Ransomware Kill Chain: Why Legacy MFA is Failing

Ransomware attacks are rising faster than ever, and most share a common weakness — authentication that trusts too much. In his session from the recent Security Buzz webinar, Kevin Surace, Chairman of Token, explains why MFA apps and codes have become attackers’ favorite weapon instead of a defense.

Kevin Surace
1 minute read
PixSnapping: The Android Exploit That Turns 2FA Into an Open Book—and Why Token Stops It Cold

A newly published academic paper introduces a new hacker tool called PixSnapping, an advanced attack that can steal screen pixels from Android devices and reconstruct sensitive data like 2FA codes in real time. The research demonstrates that an attacker-controlled app can capture or infer the digits displayed by authenticator apps such as Google Authenticator in under thirty seconds.

Kevin Surace
2 minute read
Why Cybersecurity Training Fails — And Why Legacy MFA Makes It Worse

A new study from UC San Diego Health should make every security leader stop and think. Researchers ran nearly 20,000 employees through ten simulated phishing campaigns over eight months. The result? Training made almost no difference. Employees who had recently completed mandatory cyber awareness courses failed phishing tests at virtually the same rate as those who hadn’t. The average gap was a sickly 1.7% improvement — effectively zero.

Kevin Surace
3 minute read

Microsoft ADFS Redirect Exploit Proves Legacy MFA Is Broken

Last week, BleepingComputer reported on a clever new phishing campaign targeting Microsoft users. Instead of pixel-perfect fake sites or smishing lures, attackers are now abusing legitimate Microsoft ADFS redirect endpoints to steal logins.

Kevin Surace
3 minute read
Pixel-Perfect Phishing Meets Unicode Trickery

How “ん” And Clever Domain Spoofing Are Bypassing Legacy MFA — And Why Only Token Shuts The Door

In the evolving phishing landscape, attackers don’t need high-level exploits—they only need one cunning trick: swap in a lookalike character that fools the human eye. As detailed recently in BleepingComputer, Booking.com users fell victim to one such campaign that leveraged the Japanese Hiragana “ん” (Unicode U+3093) to masquerade as a familiar URL path. It’s no text-only illusion; this is phishing with precision.

Kevin Surace
3 minute read

Ransomware Up 179%. Credential Theft Up 800%. Why Are CIOs Still Using Legacy MFA?

CSO Online just dropped a staggering stat: ransomware attacks have jumped 179% in the first half of 2025. Credential theft? Up 800%. That’s not a typo. Eight. Hundred. Percent.

Kevin Surace
1 minute read
The U.S. Government Just Issued a Hair-on-Fire Cyber Warning. Are You Listening?

CISA just dropped a bombshell. In its latest alert (dated July 25, 2025), the U.S. Cybersecurity and Infrastructure Security Agency is now urging every enterprise to implement phishing-resistant multifactor authentication (MFA)—everywhere: for email, VPNs, and anything touching critical systems. Not “consider it.” Not “evaluate in the future.” Require it. Now.

Kevin Surace
1 minute read
No Token. No Entry. Why Social Engineering Hacks Keep Winning and How to Stop Them Cold

Another day. Another preventable breach. This time it’s a major UK-based insurance company, Allianz Life, and the attackers didn’t need zero-day exploits or complex malware. They just talked their way in.

Kevin Surace
1 minute read