> TritonInfoSec News

Home / May 18, 2026 / Story

#4 BleepingComputer general May 17, 2026 at 14:43 UTC

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

By Bill Toulas

AI Summary

The Tycoon2FA phishing-as-a-service kit has added device-code phishing support and is abusing Trustifi click-tracking URLs to bypass link-scanning defenses and hijack Microsoft 365 accounts. Device-code phishing is particularly dangerous because it circumvents MFA by tricking users into authorizing attacker-controlled OAuth tokens.

Read full article → https://www.bleepingcomputer.com/news/security/tyc…

Relevance score: 85.0/100

Sponsored

Protect Your Business

Expert cybersecurity solutions to safeguard your organization from evolving threats.

Get Protected →

# More from May 18

1
New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released BleepingComputer
2
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE The Hacker News
3
Russian hackers turn Kazuar backdoor into modular P2P botnet BleepingComputer
5
Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 SecurityWeek
6
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt The Hacker News
7
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming The Hacker News
8
Microsoft rejects critical Azure vulnerability report, no CVE issued BleepingComputer
9
Can Laws Stop Deepfakes? South Korea Aims to Find Out Dark Reading
10
Why geopolitical turmoil is a gift for scammers, and how to stay safe WeLiveSecurity (ESET)