When MFA Fails Quietly: Inside The Rise Of AiTM Phishing Attacks
Security Boulevard, Wednesday, January 28th, 2026
Multi-factor authentication has long been treated as a security finish line. Once enabled, organizations assume that account takeover risks drop dramatically. Recent attacker behavior suggests otherwise.
New reporting details a growing wave of adversary-in-the-middle (AiTM) phishing campaigns that are specifically designed to bypass MFA by hijacking authentication sessions in real time, according to IT Pro.
Rather than stealing credentials and attempting repeated logins, these attacks intercept users during legitimate sign-in flows. Session tokens are captured instantly and reused, giving attackers authenticated access without triggering failed-login alerts or MFA challenges.
What makes this approach dangerous is not just its sophistication, but how normal it looks once access is established.