Cybercriminals behind the Tycoon 2FA phishing kit have added a powerful new weapon to their playbook. By combining their well-known phishing infrastructure with OAuth Device Code abuse, they can now steal access to Microsoft 365 accounts without ever capturing a single password. The Tycoon 2FA phishing kit first gained attention as a Phishing-as-a-Service (PhaaS) platform. […]
The post Tycoon 2FA Operators Adopt OAuth Device Code Phishing to Bypass MFA appeared first on Cyber Security News.