CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Phishing-as-a-Service Platform Whisper 2FA Facilitates One Million Attacks Since July 2025

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

The phishing-as-a-service (PhaaS) platform Whisper 2FA has been responsible for nearly one million phishing attacks since July 2025. Whisper 2FA uses AJAX to capture credentials and multi-factor authentication (MFA) codes, effectively bypassing MFA protections. The platform has evolved rapidly, incorporating advanced obfuscation and anti-debugging techniques. Whisper 2FA targets multiple industries by mimicking popular brands such as DocuSign, Adobe, and Microsoft 365. The attacks use urgent lures like invoices or voicemail notifications to prompt users to log in and submit their details. The platform's sophistication and ease of deployment make it a significant threat in the PhaaS landscape, ranking just behind Tycoon and EvilProxy.

Timeline

  1. 15.10.2025 18:00 1 articles · 23h ago

    Whisper 2FA Phishing Platform Conducts One Million Attacks Since July 2025

    The phishing-as-a-service (PhaaS) platform Whisper 2FA has been responsible for nearly one million phishing attacks since July 2025. The platform uses AJAX to capture credentials and multi-factor authentication (MFA) codes, effectively bypassing MFA protections. Whisper 2FA has evolved rapidly, incorporating advanced obfuscation and anti-debugging techniques to evade detection. The platform targets multiple industries by mimicking popular brands and using urgent lures to prompt users to submit their details.

    Show sources
    Open in new tab

Information Snippets