IAMDevBoxEuropol just took down Tycoon 2FA — the biggest phishing-as-a-service platform (96K victims, 55K Microsoft accounts). Meanwhile, Starkiller shows AitM phishing is now a SaaS product. TOTP, push, and SMS MFA all fail. Only FIDO2 passkeys stop it.
Europol just took down Tycoon 2FA — the biggest phishing-as-a-service platform (96K victims, 55K Microsoft accounts). Meanwhile, Starkiller shows AitM phishing is now a SaaS product. TOTP, push, and SMS MFA all fail. Only FIDO2 passkeys stop it.