{"id":49272,"date":"2022-11-11T19:40:30","date_gmt":"2022-11-11T19:40:30","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/cookies-mfa-bypass-cyberattackers"},"modified":"2022-11-11T19:40:30","modified_gmt":"2022-11-11T19:40:30","slug":"cookies-for-mfa-bypass-gain-traction-among-cyberattackers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/","title":{"rendered":"Cookies for MFA Bypass Gain Traction Among Cyberattackers"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltdfd708d36673818d\/636ea50e1e8cf40ffef9c4a7\/cookies-Weyo-Alamy.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>When the malware group Lapsus$ needed to gain access to systems compromised in recent breaches, it not only searched for passwords but also for the session tokens \u2014 that is, cookies \u2014 used to authenticate a device or browser as legitimate.<\/p>\n<p>Their tactics for initial access highlights a trend among attackers, who will buy passwords and cookies on the criminals underground use them to access cloud services and on-premises applications. In addition, when they do get access to a system, attackers prioritize stealing cookies for later use or for sale. Session cookies have become the way for attackers to bypass multifactor authentication (MFA) mechanism that otherwise protect systems and cloud services from attackers, says Andy Thompson, global research evangelist at CyberArk Labs.<\/p>\n<p>In <a href=\"https:\/\/blackhatmea.com\/node\/507\" target=\"_blank\" rel=\"noopener\">a presentation at Black Hat Middle East and Africa<\/a> next week, CyberArk researchers will demonstrate how attackers can steal session cookies and then use them to gain access to business and cloud services.<\/p>\n<p>&#8220;The crazy part is that this applies to all types of multifactor, because stealing these cookies bypasses both authentication and authorization,&#8221; Thompson says. &#8220;Once you have authenticated using multifactor, that cookie is established on the endpoint, and the attacker can then use it for later access.&#8221;<\/p>\n<p>Stealing session cookies has become one of the most common ways that attackers circumvent multifactor authentication. The Emotet malware, the Raccoon Stealer malware-as-a-service, and the RedLine Stealer keylogger all have functionality for stealing sessions tokens from the browsers installed on a victim&#8217;s system<\/p>\n<p>In August, security software firm Sophos noted that the popular red-teaming and attack tools Mimikatz, Metasploit Meterpreter, and Cobalt Strike all could be used to harvest cookies from the browsers&#8217; caches as well, which the firm called &#8220;the new perimeter bypass.&#8221;<\/p>\n<p>&#8220;Cookies associated with authentication to Web services can be used by attackers in &#8216;pass the cookie&#8217; attacks, attempting to masquerade as the legitimate user to whom the cookie was originally issued and gain access to Web services without a login challenge,&#8221; Sean Gallagher, a threat researcher with Sophos, <a href=\"https:\/\/news.sophos.com\/en-us\/2022\/08\/18\/cookie-stealing-the-new-perimeter-bypass\/\" target=\"_blank\" rel=\"noopener\">stated in the August blog post<\/a>. &#8220;This is similar to &#8216;pass the hash&#8217; attacks, which use locally stored authentication hashes to gain access to network resources without having to crack the passwords.&#8221;<\/p>\n<h2 class=\"regular-text\">An Easy Attack for Sustaining Access<\/h2>\n<p>Stealing cookies is a pretty basic attack, but one that has grown in importance as more companies adopt adaptive authentication strategies, which use a cookie to allow a users on a specific browser and device to access a protected service, without having to reenter a multifactor authentication code.<\/p>\n<p>For attackers, there is very little needed to make the attack successful. As long as they have some sort of access to a machine, they can grab the cookies, says CyberArk&#8217;s Thompson.<\/p>\n<p>&#8220;Most attacks require some sort of elevation of privilege to install software,&#8221; he says. &#8220;With this, we have everything we need, regardless of the level of privilege. Even as a non-admin, we are still vulnerable to cookie harvesting.&#8221;<\/p>\n<h2 class=\"regular-text\">Attackers Take on MFA by Necessity<\/h2>\n<p>While stealing session cookies are a common way that attackers bypass multifactor authentication, there are a host of others as well. Keylogging can circumvent MFA by grabbing the one-time password used by many companies, while an adversary-in-the-middle attack can capture security information being sent both to and from a targeted service.<\/p>\n<p>Attackers can also attempt to access an account repeatedly, with the backend system sending an authentication request to the actual user. Known as MFA bombing, the technique&#8217;s goal is to overwhelm the user with requests and, from fatigue or from too little skepticism, have them click to allow the access. Attackers used stolen cookies and MFA bombing to <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/uber-breach-external-contractor-mfa-bombing-attack\" target=\"_blank\" rel=\"noopener\">compromise ride-share giant Uber<\/a> and <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/rockstar-games-confirms-grand-theft-auto-6-breach\" target=\"_blank\" rel=\"noopener\">entertainment firm Take-Two Interactive<\/a>.<\/p>\n<p>Overall, the way to prevent attackers from bypassing MFA is to have additional security software on systems to detect the theft of cookies, says CyberArk&#8217;s Thompson. So rather than just push users to adopt password managers and MFA and call that sufficient, companies need to adopt some sort of endpoint control as well, he says.<\/p>\n<p>&#8220;We also need some ability to have a sort of least privilege or application control, antivirus, or EDR\/XDR \u2014 any of those are really critical in solving the gap,&#8221; <span>Thompson <\/span>says. &#8220;We want to prevent malicious tools and actors from harvesting passwords or harvesting cookie information from memory.&#8221;<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/cookies-mfa-bypass-cyberattackers\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Multifactor authentication has gained adoption among organizations as a way of improving security over passwords alone, but increasing theft of browser cookies undermines that security.Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/cookies-mfa-bypass-cyberattackers\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-49272","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cookies for MFA Bypass Gain Traction Among Cyberattackers 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cookies for MFA Bypass Gain Traction Among Cyberattackers 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-11T19:40:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltdfd708d36673818d\/636ea50e1e8cf40ffef9c4a7\/cookies-Weyo-Alamy.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Cookies for MFA Bypass Gain Traction Among Cyberattackers\",\"datePublished\":\"2022-11-11T19:40:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\\\/\"},\"wordCount\":730,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltdfd708d36673818d\\\/636ea50e1e8cf40ffef9c4a7\\\/cookies-Weyo-Alamy.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\\\/\",\"name\":\"Cookies for MFA Bypass Gain Traction Among Cyberattackers 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltdfd708d36673818d\\\/636ea50e1e8cf40ffef9c4a7\\\/cookies-Weyo-Alamy.jpg\",\"datePublished\":\"2022-11-11T19:40:30+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltdfd708d36673818d\\\/636ea50e1e8cf40ffef9c4a7\\\/cookies-Weyo-Alamy.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltdfd708d36673818d\\\/636ea50e1e8cf40ffef9c4a7\\\/cookies-Weyo-Alamy.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cookies for MFA Bypass Gain Traction Among Cyberattackers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cookies for MFA Bypass Gain Traction Among Cyberattackers 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/","og_locale":"en_US","og_type":"article","og_title":"Cookies for MFA Bypass Gain Traction Among Cyberattackers 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-11-11T19:40:30+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltdfd708d36673818d\/636ea50e1e8cf40ffef9c4a7\/cookies-Weyo-Alamy.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Cookies for MFA Bypass Gain Traction Among Cyberattackers","datePublished":"2022-11-11T19:40:30+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/"},"wordCount":730,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltdfd708d36673818d\/636ea50e1e8cf40ffef9c4a7\/cookies-Weyo-Alamy.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/","url":"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/","name":"Cookies for MFA Bypass Gain Traction Among Cyberattackers 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltdfd708d36673818d\/636ea50e1e8cf40ffef9c4a7\/cookies-Weyo-Alamy.jpg","datePublished":"2022-11-11T19:40:30+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltdfd708d36673818d\/636ea50e1e8cf40ffef9c4a7\/cookies-Weyo-Alamy.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltdfd708d36673818d\/636ea50e1e8cf40ffef9c4a7\/cookies-Weyo-Alamy.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/cookies-for-mfa-bypass-gain-traction-among-cyberattackers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Cookies for MFA Bypass Gain Traction Among Cyberattackers"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49272","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=49272"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49272\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=49272"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=49272"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=49272"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}