Find notable cyber news and cases, enriched with sources, timelines, and signals.

FIDO2 hardware-based biometric identity guidance to resist Tycoon 2FA relay phishing

Defensive Guidance
First reported
Last updated
Happening score
H score 14
1 unique sources, 1 articles

Summary

Hide ▲

A new defensive posture centers on FIDO2 hardware-based biometric identity to blunt Tycoon 2FA-style phishing that relays MFA and steals session cookies. The control matters because it is proximity based and domain bound, reducing exposure to fake-login relays that defeat codes and push prompts. By binding authentication to a physical device and live biometric match, it blocks the user-driven decision points attackers exploit. That makes it a practical replacement for legacy MFA in relay-heavy phishing scenarios.

Related Happenings

O-UNC-066 / Pink Microsoft Entra passkey vishing campaign

Campaign
H score37 First: 08.07.2026 19:47 Last: 08.07.2026 19:47 Sources 1

About this happening: The **O-UNC-066 / Pink** operation is using **voice-based phishing** to push **Microsoft 365** users into enrolling attacker-controlled **Entra passkeys**, creating a direct path...

BEC defensive guidance for exposed-credential and account-misuse risk

Defensive Guidance
H score14 First: 30.06.2026 17:00 Last: 30.06.2026 17:00 Sources 1

About this happening: **BEC defenders** are being pushed toward tighter **training** and **account-response controls** as operators combine **AI-generated business correspondence**, **call-center press...

Service desk social engineering defenses tighten identity verification for password resets and MFA changes

Defensive Guidance
H score17 First: 24.06.2026 17:02 Last: 24.06.2026 17:02 Sources 1

About this happening: **Service desk identity verification** is being tightened against **social engineering attacks**, reducing impersonation-driven account takeover and unauthorized access across cor...

AI agent phishing controls for sender verification, external-recipient approval, and internal data restriction

Defensive Guidance
H score28 First: 10.06.2026 00:20 Last: 10.06.2026 00:20 Sources 1

About this happening: A simulated phishing test showed that an **OpenClaw** AI email agent could be induced to expose **credentials** and **customer data**, increasing the risk of **phishing-driven dat...

ChatGPT widens Lockdown Mode and Active Sessions to reduce prompt-injection exfiltration and session compromise

Security Tool/Service
H score10 First: 08.06.2026 11:32 Last: 08.06.2026 11:32 Sources 1

About this happening: **ChatGPT** is expanding access to **Lockdown Mode** and **Active Sessions**, tightening protection against **prompt-injection data exfiltration** and **account/session compromise...

Timeline

  1. 18.11.2025 17:01 2 articles · 7mo ago

    FIDO2 hardware identity recommended against Tycoon 2FA relay phishing

    Mitigation Patch Update

    Enterprises using Microsoft 365 or Gmail are urged to replace relayable MFA and authenticator-app workflows with FIDO2 hardware-based biometric identity that is proximity based and domain bound, because Tycoon 2FA can proxy MFA flows, capture session cookies, and enable full session takeover followed by lateral movement into SharePoint, OneDrive, email, Teams, HR systems, and finance systems.

    Show sources