Analysts see an uptick in token theft from authenticated users, allowing threat actors to bypass MFA protections.