This article from SC Media looking at the ways credential stuffing attack are changing includes commentary from Adam Khan, vice president of global security operations at Barracuda. Khan warns that attackers now recycle refresh tokens, abuse password reset workflows and probe API rate limits to mimic legitimate activity and bypass legacy defenses.