Adversary-in-the-Middle Phishing Is Defeating MFA Now
🔐 Modern phishing now uses adversary-in-the-middle proxies that capture entire authentication flows, including MFA prompts and session cookies. Employees can complete legitimate logins and still be compromised because attackers replay session tokens from a different machine. Organizations must move beyond traditional MFA and outdated awareness training and instead deploy phishing-resistant authentication, bind sessions to managed devices, and monitor post-authentication behavior.
