MFA Prompt Bombing: Why Your Second Factor Isn't Saving You
ID: a8811098-e200-5787-8493-faf77b5fc33a
STIX ID: report--a8811098-e200-5787-8493-faf77b5fc33a
Feed Name: The Hacker News
This article explains the rising threat of "MFA prompt bombing," where attackers with valid credentials repeatedly send push-based MFA requests and use social engineering (often vishing) to get users to approve them; it cites the 2022 Cisco breach by a Yanluowang-linked actor as a real-world example that enabled VPN access, persistence, privilege escalation, and data exfiltration. Recommended mitigations include adopting phishing-resistant MFA (FIDO2/security keys or number-matching), blocking compromised passwords at the source, and adding conditional access risk signals to authentication flows.
