Researcher at Proofpoint have discovered a new way to bypass MFA in cloud environments such as Microsoft 365 that use WS-Trust.
Click here for original story, New vulnerabilities allow hackers to bypass MFA for Microsoft 365
Source: Tech Radar