Attackers are deploying advanced phishing kits capable of bypassing multi-factor authentication through real-time session hijacking.
Adversary-in-the-middle techniques enable credential theft even when users enter valid second factors.
Phishing-resistant authentication like FIDO2 passkeys remains the most effective defense currently available.
