Skip to content
The Nexus
SECURITYMay 17 · 14:43 UTCBLEEPING COMPUTERBill Toulas

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit has been updated to support device-code phishing attacks, allowing it to hijack Microsoft 365 accounts by abusing Trustifi click-tracking URLs. This new capability enables attackers to gain unauthorized access to sensitive information. The phishing kit's evolution poses a significant threat to account security.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this