Threat actors have started moving away from authenticating via legacy protocols to bypass multifactor authentication (MFA) in Microsoft 365, according to an Expel report on cybersecurity trends. Instead, malicious actors are adopting frameworks such as Evilginx2 to facilitate adversary-in-the-middle (AiTM) phishing attacks to steal login credentials and session cookies for initial access and MFA bypass...