The National Computer Emergency Response Team (National CERT) has issued an advisory alerting institutions and users to a sharp rise in cyberattacks bypassing two-factor authentication (2FA) on Gmail, Microsoft 365, and other major cloud platforms.
The advisory warns that attackers are using fake login pages to steal user credentials and one-time passwords (OTPs), significantly increasing the risk of data breaches.
According to National CERT, SVG-based phishing attacks have surged by 1800% in 2025 alone. These attacks employ deceptive HTML5 CAPTCHA forms and malicious scripts to trick users into providing sensitive login information. The advisory notes that the growing sophistication of these techniques poses a serious threat to emails, files, and internal systems across both public and private sectors.
Attackers are reportedly expanding their focus beyond Gmail and Microsoft 365, targeting platforms like Google Workspace, SharePoint, and OneDrive. These services are integral to daily operations in many organizations, making them attractive entry points for hackers aiming to exfiltrate confidential data or disrupt business processes.
National CERT has directed all institutions to take immediate security measures, including auditing their login systems and implementing the latest security patches. Organizations are also urged to conduct red team testing specifically designed to assess vulnerabilities related to 2FA bypass, and to enforce strict access controls to prevent unauthorized entry.
To mitigate the risk, users are advised to access services only through direct, official URLs and avoid clicking on email links that could lead to phishing pages. National CERT emphasizes the need for heightened awareness, regular security training, and continuous monitoring to protect against this evolving cyber threat landscape.