Tycoon 2FA Goes Boom as Europol, Vendors Bust Phishing Platform
The phishing-as-a-service platform was popular among cyber threat actors because of its ability to bypass multifactor authentication defenses.
Phishing uses deceptive messages to steal credentials or deliver malware, while user verification, MFA, and email filtering reduce the risk.
Search across headline titles and summaries.
Background for this topic.
Phishing is deceptive communication—by email, text, phone, or a fake website—that impersonates a trusted person or service to make someone disclose credentials, approve a transaction, reveal sensitive information, or run harmful software. Attackers use it to bypass technical controls by persuading a legitimate user to perform an action, and may target employees, customers, administrators, or suppliers.
Its impact can include account takeover, unauthorized payments, exposure of personal or business data, and access to internal systems. The most effective control for stolen-password phishing is phishing-resistant multi-factor authentication, such as hardware-backed passkeys or security keys, which binds authentication to the legitimate site. Organizations should also filter and authenticate messaging where possible, use password managers, restrict risky actions, train users to verify unusual requests through a separate channel, and provide rapid reporting so suspected credentials or sessions can be revoked.
The phishing-as-a-service platform was popular among cyber threat actors because of its ability to bypass multifactor authentication defenses.
The browser is becoming the operating system for modern work, yet many enterprises still treat it as an extension of network or endpoint security. Keep Aware's 2026 State of Browser Security Report shows 41% of employees used AI web tools while browser-based phishing, extensions, and social engineering drive new security blind spots. [...]
Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow
Tycoon 2FA, one of the prominent phishing-as-a-service (PhaaS) toolkits that allowed cybercriminals to stage adversary-in-the-middle (AitM) credential harvesting attacks at scale, was dismantled by a coalition of law enforcement agencies and security companies
Browser-in-the-Browser (BitB) attacks make URL-checking advice useless. The URL looks perfect because the entire browser window is fake. Here is how they work, why your security stack misses them, and what defenders must monitor.
Bitwarden announced support for logging into Windows 11 devices using passkeys stored in the manager's vault, enabling phishing-resistant authentication. [...]
Password management software provider LastPass is warning users of a phishing campaign targeting its users with fake unauthorized account access alerts. [...]
An international law enforcement operation coordinated by Europol has disrupted Tycoon2FA, a major phishing-as-a-service (PhaaS) platform linked to tens of millions of phishing messages each month. [...]
Law enforcers and industry partners have taken down notorious phishing-as-a-service platform Tycoon2FA
The emerging actor, part of the APT41 nexus, gains initial access via phishing, and uses legitimate network services to obscure cyber espionage activities.
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024
Tycoon 2FA was dismantled this week by law enforcement and industry partners including TrendAI™. The phishing-as-a-service platform offered MFA bypass services using adversary-in-the-middle (AitM) proxying.
Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. [...]
Compromised cPanel credentials are being sold in bulk across underground channels as plug-and-play phishing and scam infrastructure. Flare explains how analyzing 200,000 underground posts reveals a commoditized market for hacked site management panels. [...]
Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections
Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers
Crims hope for payday from malicious payloads rather than stealing access tokens Microsoft has warned organizations about ongoing OAuth abuse scams that use phishing emails and URL redirects to infect victims' machines with malware and take over their devices.…
A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims' browsers. [...]