MITRE ATT&CK — FreeIntelHub

T1557 — Adversary-in-the-Middle (Credential Access)

9 articles found

GBHackers Vulnerability Disclosure 1d ago

Hackers Exploit Claude Code MCP Traffic to Hijack OAuth Authentication Tokens

Threat researchers have uncovered a novel man-in-the-middle (MitM) attack chain targeting Anthropic’s Claude Code ecosystem, where adversaries hijack Model C...

T1557

GBHackers →

Elastic Security Labs General Google May 26

Detecting Tycoon 2FA AiTM attacks across Entra ID and Google Workspace

Tycoon 2FA bypasses MFA on Entra ID and Google Workspace. We map telemetry fingerprints across both platforms, ship detection rules for both tiers, and conta...

T1557

Elastic Security Labs →

SC Media Data Breach May 20

The AiTM problem nobody's architecture actually solves

Accountability becomes the big issue following a breach – does the team know who’s responsible for what?

T1557 T1598

SC Media →

Mandiant Blog TTPs Google Intel May 15

Welcome to BlackFile: Inside a Vishing Extortion Operation

Written by: Austin Larsen, Tyler McLellan, Genevieve Stark, Dan Ebreo Introduction Google Threat Intelligence Group (GTIG) has continued to track an expansiv...

T1566 T1557

Mandiant Blog →

GBHackers Vulnerability Disclosure Google May 7

Hackers Exploit Google Ads to Steal GoDaddy ManageWP Logins

Hackers are abusing Google Ads to steal GoDaddy ManageWP credentials by placing a look‑alike phishing ad above the legitimate ManageWP result and proxying vi...

T1566 T1557

GBHackers →

Microsoft Security Blog Campaigns Microsoft May 4

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

Microsoft Defender Research observed a large-scale credential theft campaign that exemplifies this trend, using code of conduct-themed lures, a multi-step at...

T1566 T1078 T1557

Microsoft Security Blog →

Infosecurity Magazine Campaigns Google Mar 27