SECURITYBLEEPING COMPUTER
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
The Tycoon2FA phishing kit has been updated to support device-code phishing attacks, allowing it to hijack Microsoft 365 accounts by abusing Trustifi click-tracking URLs. This new capability enables attackers to gain unauthorized access to sensitive information. The phishing kit's evolution poses a significant threat to account security.