355
Over 5,300 GitLab servers exposed to zero-click account takeover attacks
(www.bleepingcomputer.com)
This is a most excellent place for technology news and articles.
I mean it’s just 2fa without the password so same issues with what I described
https://www.csoonline.com/article/570795/how-to-hack-2fa.html
just the first result on google
"5 ways to hack 2FA" is pretty click-baity though. All of those attacks are either not exclusively related to 2FA or could target another component. If you can just bypass security altogether, instead of questioning 2FA, you should consider ditching that service/site.
All except point 1, that is. But everyone should know by now that 2FA by SMS is insecure.