Mastodawn

Tycoon2FA, a persistent PhaaS kit, has resurfaced with a sophisticated device-code phishing tactic targeting Microsoft 365. Attackers exploit OAuth 2.0 device authorization flows, leading victims to complete MFA on legitimate Microsoft domains, unknowingly granting full access to their cloud data. This highlights the need to evolve defense strategies beyond simple MFA enforcement.

https://www.tpp.blog/11eerta

#cybersecurity #tycoon2fa #microsoft365

🤖 This post was AI-generated.

Analyst207 1d ago

Tycoon2FA Exploits Microsoft 365 with Device-Code Phishing

Beware of Tycoon2FA's sneaky phishing tactics: victims are tricked into granting OAuth tokens to attackers through Microsoft's own device-login flow after clicking a malicious link. This comeback kid of a phishing kit has bounced back from a March disruption, now with added layers of obfuscation to evade detection.

https://osintsights.com/tycoon2fa-exploits-microsoft-365-with-device-code-phishing?utm_source=mastodon&utm_medium=social

#Tycoon2fa #Microsoft365 #Phishing #DevicecodePhishing #Oauth

Tycoon2FA Exploits Microsoft 365 with Device-Code Phishing

Learn how Tycoon2FA exploits Microsoft 365 using device-code phishing, and protect your organization now by discovering crucial security measures to prevent OAuth token theft effectively today.

OSINTSights

RedPacket Security May 1

Email threat landscape: Q1 2026 trends and insights - https://www.redpacketsecurity.com/email-threat-landscape-q1-2026-trends-and-insights/

#threatintel
#Email threat landscape
#Phishing campaigns
#Tycoon2FA AiTM
#QR code phishing
#Business email compromise

Email threat landscape: Q1 2026 trends and insights - RedPacket Security

During the first quarter of 2026 (January-March), Microsoft Threat Intelligence detected approximately 8.3 billion email-based phishing threats, with monthly

RedPacket Security

The New Oil Mar 25

#Tycoon2FA #phishing platform returns after recent police disruption

https://www.bleepingcomputer.com/news/security/tycoon2fa-phishing-platform-returns-after-recent-police-disruption/

#cybercrime #cybersecurity

Tycoon2FA phishing platform returns after recent police disruption

The Tycoon2FA phishing-as-a-service (PhaaS) platform that Europol and partners disrupted on March 4 has already returned to previously observed activity levels.

BleepingComputer

maniabel Mar 24

Die Nachricht vom Europol-Erfolg klang Anfang März euphorisch: Schlag gegen die Cyberkriminalität gelungen... Doch nun zeigen Analysen, dass die Anfang März still gelegte PhaaS-Plattform nach Restrukturierung wieder da ist.

Mehr dazu: https://digiprax.maniabel.work/archiv/380

#cybersecurity #cybercrime #infosec #Tycoon2FA #PhaaS #Takedown #Europol #up2date

securityaffairs Mar 10

Law enforcement disrupted #Tycoon2FA phishing-as-a-service Platform
https://securityaffairs.com/189205/cyber-crime/law-enforcement-disrupted-tycoon-2fa-phishing-as-a-service-platform.html
#securityaffairs #hacking

Law enforcement disrupted Tycoon 2FA phishing-as-a-service platform

Authorities disrupted the Tycoon 2FA phishing-as-a-service platform used to send millions of phishing emails to over 500,000 orgs worldwide.

Security Affairs

Tarnkappe.info Mar 5

📬 LeakBase und Tycoon 2FA abgeschaltet: Doppelschlag gegen Cybercrime-Lieferkette
#DarkCommerce #Cybercrime #CybercrimePlattformen #Datenleaks #europol #LeakBase #MehrfaktorAuthentifizierung #Phishing #PhishingasaService #Tycoon2FA https://sc.tarnkappe.info/e2c626

LeakBase und Tycoon 2FA abgeschaltet: Doppelschlag gegen Cybercrime-Lieferkette

LeakBase & Tycoon 2FA abgeschaltet: Zwei internationale Aktionen treffen zentrale Dienste der Cybercrime-Infrastruktur.

TARNKAPPE.INFO

Hackread.com Mar 5

🎣 Authorities have seized over 300 domains and dismantled the #Tycoon2FA phishing kit used by attackers to bypass MFA in targeted attacks against businesses.

Read: https://hackread.com/tycoon-2fa-phishing-platform-shut-down-bypass-mfa/

#CyberSecurity #CyberCrime #Phishing #Scam

Authorities Shut Down Tycoon 2FA Phishing Platform Used to Bypass MFA

Hackread - Cybersecurity News, Data Breaches, AI and More

RedPacket Security Mar 5

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale - https://www.redpacketsecurity.com/inside-tycoon2fa-how-a-leading-aitm-phishing-kit-operated-at-scale/

#threatintel
#tycoon2fa
#aitm
#phishing
#mfa
#cybercrime

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale - RedPacket Security

Following its emergence in August 2023, Tycoon2FA rapidly became one of the most widespread phishing-as-a-service (PhaaS) platforms, enabling campaigns

RedPacket Security

Marcel SIneM(S)US Mar 5

Europäische Strafverfolger zerschlagen #Phishing-Plattform | heise online https://www.heise.de/news/Europaeische-Strafverfolgungsbehoerden-zerschlagen-Phishing-Plattform-11199550.html #CyberCrime #Tycoon2FA

Europäische Strafverfolger zerschlagen Phishing-Plattform

Tycoon2FA gehörte zu den weltweit größten Phishing-Operationen. Sie ermöglichte Kriminellen unbemerkten Zugriff auf E-Mail-Konten. Nun wurde sie abgeschaltet.

heise online