A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked sign-in sessions and skipped the authentication process even if MFA was enabled, according to a new report. The AiTM phishing campaign has targeted more than 10,000 organizations since September 2021, according to Microsoft, which has detailed the threat in a new blog.

Read full article on Infosecurity