Webinar: How attackers bypass MFA and how defenders can respond

Many organizations view multi-factor authentication as one of their strongest defenses against account compromise. However, attackers increasingly use phishing techniques that don't require stealing passwords or bypassing MFA at all.

On July 8, 2026, BleepingComputer will host a live webinar titled "Stop chasing alerts: Automating email security with behavioral AI" presented by Dan Nickolaisen, Solutions Architect Manager at Abnormal AI, and Eric Danneker, Director of Cyber Vigilance and Defense at Novant Health.

The webinar will examine how modern phishing campaigns, business email compromise (BEC), and account takeover (ATO) attacks exploit trusted services and authentication workflows to gain access to corporate accounts.

One technique receiving growing attention is Device Code phishing, where attackers trick users into authorizing access through legitimate Microsoft authentication pages. Because users complete a real login and MFA challenge, attackers can obtain persistent access without ever stealing credentials.

This shift presents a challenge for security teams. Traditional email defenses, credential monitoring, and MFA protections may not detect these attacks, leaving analysts to investigate suspicious activity only after an account has already been compromised.