The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340...
phishingasaservice
Law enforcement disrupted Tycoon 2FA phishing-as-a-service platform
Law enforcement disrupted Tycoon 2FA phishing-as-a-service platform Pierluigi Paganini March 10, 2026 Authorities disrupted the Tycoon 2FA phishing-as-a-service platform used...
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
Tycoon 2FA, one of the prominent phishing-as-a-service (PhaaS) toolkits that allowed cybercriminals to stage adversary-in-the-middle (AitM) credential harvesting attacks at...
Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations
The operations of phishing-as-a-service (PhaaS) platform Tycoon 2FA was taken offline this week by the combined effort of law enforcement that includes Europol and other partner agencies, as well...
