Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Tycoon 2FA phishing kit activity at enterprise scale

Malware Activity
First reported
Last updated
Happening score
H score 35
1 unique sources, 1 articles

Summary

Hide ▲

The Tycoon 2FA phishing kit is being used at scale to relay MFA and steal enterprise sessions, putting Microsoft 365 and Gmail users at risk. More than 64,000 attacks have already been tracked this year. The kit captures session cookies and proxies login flows directly to Microsoft or Google. That makes a single successful phish capable of enabling broad enterprise compromise.

Related Happenings

AI chatbot cryptojacking campaign targeting high-performance GPU users

Campaign
First: 27.05.2026 10:45 Last: 27.05.2026 10:45 Sources 1

About this happening: An active **cryptojacking campaign** is using **AI chatbot interactions** and **SEO-poisoned download sites** to deliver mining malware, expanding the reach of malicious downloads...

Open Happening

Kali365 Microsoft 365 device-code phishing campaign

Campaign
First: 25.05.2026 15:45 Last: 25.05.2026 15:45 Sources 1

About this happening: A **Kali365** phishing campaign is targeting **Microsoft 365** environments worldwide with **device-code login lures**, putting accounts at risk of **token theft** and **MFA bypas...

Open Happening

EvilTokens Microsoft 365 consent phishing campaign

Campaign
First: 19.05.2026 14:30 Last: 19.05.2026 14:30 Sources 1

About this happening: The **EvilTokens** campaign rapidly compromised **more than 340 Microsoft 365 organizations** across **five countries**, showing how **OAuth grant abuse** can bypass **MFA** and c...

Open Happening

Google sponsored search ManageWP phishing campaign

Campaign
First: 07.05.2026 00:36 Last: 07.05.2026 00:36 Sources 1

About this happening: A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...

Open Happening

Bluekit alliance reshapes ransomware ecosystem operations

Threat Actor Meta
First: 30.04.2026 21:58 Last: 30.04.2026 21:58 Sources 1

About this happening: Bluekit's **AI-assisted** phishing kit has expanded into an **all-in-one** service, lowering the barrier for cybercriminal operators and signaling a more industrialized phishing m...

Open Happening

Timeline

  1. 18.11.2025 17:01 2 articles · 6mo ago

    Tycoon 2FA is described as a large-scale MFA relay phishing kit

    Initial Disclosure

    Tycoon 2FA is described as a turnkey Phishing as a Service kit that has enabled over 64,000 attacks this year, often against Microsoft 365 and Gmail, by relaying MFA in real time, capturing credentials and session cookies, and giving operators full session access that can extend into SharePoint, OneDrive, email, Teams, HR systems, and finance systems.

    Show sources
    Open in new tab