
Do Not Use This Login On Your PC—You Lose Everything
Recently, cybercriminals have been exploiting a weakness in two-factor authentication (2FA) to gain access to Microsoft Office 365 accounts. The threat arises from an adversary-in-the-middle (AiTM) phishing kit called “SessionShark” that can steal valid user session tokens to defeat two-factor authentication on these accounts.
This malicious tool, sold as an educational tool, allows attackers to bypass Microsoft Office 365 multi-factor authentication protections and gain access to unsuspecting victims’ accounts. The impact is significant: if your account is unlocked with a password and a simple 2FA SMS code, you are at risk of losing everything on your PC.
Microsoft, Google, and other technology giants have been pushing the adoption of passkeys as an alternative to traditional passwords and SMS-based 2FA. Passkeys link your account access to your physical hardware, making it much more difficult for attackers to gain unauthorized access.
Coming amid a rise in ClickFix attacks, in which users are tricked into copying and pasting scripts on their Windows PCs, this new threat is causing concern among cybersecurity experts. ClickFix attacks typically load malware onto the user’s PC, allowing the attacker to steal credentials or data.
In this case, attackers can harvest credentials by making the login experience convincing and contextually appropriate. This means that even wary users may not notice anything out of the ordinary, as the phishing pages mimic real Microsoft login screens and handle different login workflows seamlessly.
It is crucial to set up passkeys for your Microsoft, Google, and other key accounts. It is also essential to sign into your accounts only through your usual methods and to avoid signing in via links in emails, messages, forum posts, or attachments.
Source: https://www.forbes.com/sites/zakdoffman/2025/04/26/do-not-use-this-login-on-your-pc-you-lose-everything/