#phishing-as-a-service

[ follow ]
#phishing #cybercrime #smishing #cybersecurity #microsoft-365 #domain-takedown #mfa-attacks
Information security
fromThe Hacker News
2 days ago

Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Law enforcement and security companies dismantled Tycoon2FA and LeakBase, major infrastructure supporting phishing-as-a-service operations that compromised MFA credentials at scale.
fromTechzine Global
6 days ago

How phishing service Tycoon 2FA went under

Tycoon 2FA, a Phishing-as-a-Service (PhaaS) platform, enabled thousands of cybercriminals to steal login credentials and session tokens. Even accounts secured with MFA could be compromised via a single email. The service had been active since at least 2023 and quickly grew to become one of the most widely used phishing platforms in the world.
Information security
Information security
fromThe Hacker News
6 days ago

Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks

Law enforcement and security companies dismantled Tycoon 2FA, a major phishing-as-a-service toolkit that facilitated credential harvesting attacks affecting nearly 100,000 organizations globally.
Privacy technologies
fromSecurityWeek
1 week ago

Tycoon 2FA Phishing Platform Dismantled in Global Takedown

Europol and Microsoft led a coordinated takedown of Tycoon 2FA, a phishing-as-a-service platform responsible for 62% of phishing attempts blocked by Microsoft and affecting 96,000 victims worldwide.
Information security
fromTechzine Global
2 months ago

Number of phishing attacks doubles in one year

Phishing kits and phishing-as-a-service expanded in 2025, enabling less skilled attackers and leveraging AI-generated messages and QR-based quishing to increase realism and bypass defenses.
Information security
fromThe Hacker News
3 months ago

Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar

Sneaky 2FA PhaaS now uses Browser-in-the-Browser (BitB) to present fake Microsoft login pop-ups, enabling large-scale credential theft and account takeover.
#phishing
fromAxios
3 months ago
Information security

Google targets China-based scam operators sending Americans' toll fraud texts

fromAxios
3 months ago
Information security

Google targets China-based scam operators sending Americans' toll fraud texts

more#phishing
fromTheregister
3 months ago

Google sues 25 China-based scammers behind phishing kit

Lighthouse is a phishing software service described in the lawsuit [PDF] as a "phishing for dummies" kit. Criminals pay a monthly subscription fee for access to hundreds of templates for fake websites, domain set-up tools for those phony sites, and other features designed to dupe victims into believing they are visiting a legitimate website. The crims use these sites to trick victims into entering their financial info and other sensitive details, which the crooks then steal.
Information security
#smishing
more#smishing
Information security
fromIT Pro
4 months ago

Hackers are using a new phishing kit to steal Microsoft 365 credentials and MFA tokens - Whisper 2FA is evolving rapidly and has been used in nearly one million attacks since July

Whisper 2FA is a PhaaS tool that steals credentials and MFA tokens from Microsoft 365 accounts while evading detection through advanced obfuscation.
#raccoono365
more#raccoono365
Information security
fromSecurityWeek
5 months ago

RaccoonO365 Phishing Service Disrupted, Leader Identified

Microsoft and Cloudflare disrupted RaccoonO365, a phishing-as-a-service that stole thousands of Microsoft 365 credentials and targeted healthcare, prompting legal and technical takedowns.
fromTheregister
5 months ago

Google, Microsoft account takeover made easy via VoidProxy

The phishes target any Google and Microsoft accounts, from small businesses to large enterprises, we're told. And while Okta didn't have a confirmed victim count, "we have observed high-confidence account takeovers in multiple entities," the threat intel team told us. "By extension, we expect Microsoft and Google will have observed a larger number of ATO events, given that VoidProxy proxies non-federated users directly with Microsoft and Google servers."
Information security
Information security
fromThe Hacker News
5 months ago

Watch Out for Salty2FA: New Phishing Kit Targeting US and EU Enterprises

Salty2FA is a PhaaS phishing kit that bypasses push, SMS, and voice 2FA to intercept credentials and codes, enabling high-impact account takeovers across industries.
#cybersecurity
fromITProUK
10 months ago
Privacy professionals

'Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 - and experts warn it's lowering the barrier of entry for amateur hackers

Privacy professionals
fromITProUK
10 months ago

'Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 - and experts warn it's lowering the barrier of entry for amateur hackers

The cost of launching phishing attacks is decreasing, making it easier for criminals with minimal skills to execute cyber crimes.
more#cybersecurity
fromTheregister
10 months ago

Darcula adds AI to its DIY phishing kits

This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes.
Growth hacking
[ Load more ]