Collecting Cyber-News from over 60 sources

Tag: 2fa

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Jun 16, 2026 7:02 PM

Tags: 2fa, exploit, hacker, LLM, vulnerability

SearchLeak exploit shows why the industry’s approach to LLM security fails over and over. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/06/critical-copilot-vulnerability-allowed-hackers-to-seal-2fa-code-from-users/
Critical Copilot vulnerability allowed hackers to seal 2FA code from users

Jun 16, 2026 2:02 PM

Tags: 2fa, exploit, hacker, LLM, vulnerability

SearchLeak exploit shows why the industry’s approach to LLM security fails over and over. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/06/critical-copilot-vulnerability-allowed-hackers-to-seal-2fa-code-from-users/
Ghostwriter APT Uses Fake Gmail Login Panels to Steal Passwords and 2FA Codes

Jun 16, 2026 1:01 PM

Tags: 2fa, apt, authentication, cyber, email, group, login, mfa, password, phishing

Ghostwriter (UNC1151) has escalated its long-standing phishing operations by deploying convincing fake Gmail login panels that harvest both passwords and two-factor authentication (2FA) codes, CERT Polska reports. The group historically focused on Polish email providers such as Onet, Wirtualna Polska and Interia shifted in March 2026 to high-volume Gmail-targeted campaigns. Attackers send professionally worded Polish-language…
Instagram Recovery Tool Bug Exposed 20,225 Accounts to Password Reset Abuse

Jun 8, 2026 2:42 PM

Tags: 2fa, data-breach, password, tool

Meta says an Instagram recovery tool bug allowed attackers to abuse password resets, affecting 20,225 accounts and exposing users without 2FA to account takeover risk. First seen on hackread.com Jump to article: hackread.com/instagram-recovery-tool-bug-accounts-password-reset/
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

May 23, 2026 8:00 PM

Tags: 2fa, attack, authentication, control, github, mfa, software, supply-chain

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation.Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication…
Mini Shai-Hulud Attack Prompts npm to Revoke 2FA-Bypass Tokens

May 22, 2026 8:00 AM

Tags: 2fa, access, attack, authentication, cyber, mfa, supply-chain

npm has forced a platform-wide reset of granular access tokens that bypass two-factor authentication (2FA) after a wave of supply chain attacks linked to the “Mini Shai-Hulud” campaign compromised hundreds of JavaScript packages. The emergency action, rolled out on May 19, invalidated all npm tokens with write permissions that allowed publishing without 2FA. The move…
Breach Roundup: Shai-Hulud Copycat Hits npm

May 22, 2026 12:00 AM

Tags: 2fa, ai, breach, cisco, cve, cvss, data, data-breach, linux, malware, microsoft, password

Also, YellowKey Gets CVE, 7-Eleven Breach, Linux Maintainers Warn on AI Bug Spam. This week, more incidents that we can here list. Among them: cloned Shai-Hulud malware, a new maximum CVSS Cisco flaw. Edge to stop loading passwords in plaintext. Tycoon 2FA offers a way around Microsoft multifactor. Convenience, taquitos and data breach: The 7-Eleven…
Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA

May 15, 2026 11:00 AM

Tags: 2fa, credentials, cyber, mfa, microsoft, phishing, service, threat

A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond traditional credential theft. This development comes just weeks after a global takedown effort led by Microsoft and Europol disrupted Tycoon 2FA infrastructure. Despite that operation, the actors have quickly adapted, reusing their…
Google Says Hackers Used AI to Build Zero-Day Exploit

May 12, 2026 5:19 PM

Tags: 2fa, ai, exploit, google, hacker, zero-day

Google says hackers used AI to help build a zero-day exploit targeting 2FA, raising concerns about AI-assisted hacking. The post Google Says Hackers Used AI to Build Zero-Day Exploit appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-hackers-ai-zero-day-exploit/
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

May 11, 2026 7:19 PM

Tags: 2fa, ai, cybercrime, exploit, google, hacker, intelligence, malicious, technology, threat, vulnerability, zero-day

Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and exploit generation.The activity is said to…
Saiga 2FA: Gefährliches Phishing-Kit kehrt mit neuer Tarntechnik zurück

May 7, 2026 10:48 AM

Tags: 2fa, phishing

Neue Analysen von Barracuda Research zeigen aktuelle Angriffswellen eines selten beobachteten Phishing-Kits mit dem Namen Saiga 2FA. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/saiga-2fa-gefaehrliches-phishing-kit
Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA

May 6, 2026 5:48 PM

Tags: 2fa, attack, hacker, phone, rat, windows

In hard-to-detect attacks, hackers are dropping the CloudZ RAT and a fresh plugin, Pheno, to hijack the Windows-based bridge between PCs and smartphones. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/attacks-abuse-windows-phone-link-texts-bypass-2fa
Bluekit Phishing Kit Streamlines Domains, 2FA Lures, and Session Hijacking

May 4, 2026 3:48 PM

Tags: 2fa, attack, automation, cyber, cybercrime, data, phishing

A newly discovered phishing kit called “Bluekit” is reshaping how cybercriminals run phishing campaigns by combining multiple attack stages into a single, centralized platform. Instead, Bluekit integrates these capabilities into one operator panel, streamlining the entire attack lifecycle from setup to data exfiltration. This shift reflects a broader trend toward automation and ease of use…
Stopping AiTM attacks: The defenses that actually work after authentication succeeds

Apr 28, 2026 11:39 AM

Tags: 2fa, access, attack, authentication, awareness, breach, communications, compliance, control, credentials, data, defense, detection, email, finance, framework, identity, incident response, login, mfa, microsoft, monitoring, nist, passkey, phishing, risk, service, threat, tool, training

The 3 controls that close the gap: Control #1: Bind sessions to managed devices The most impactful single control for session security is requiring managed, compliant devices as a condition of accessing sensitive resources. When access policies, such as Microsoft Entra Conditional Access, require that the device presenting a session token is enrolled, managed and…
Top techniques attackers use to infiltrate your systems today

Apr 21, 2026 11:39 AM

Tags: 2fa, access, ai, api, attack, authentication, automation, business, captcha, cloud, container, control, corporate, credentials, cybercrime, cybersecurity, data, deep-fake, defense, detection, email, exploit, flaw, hacking, Hardware, identity, infrastructure, least-privilege, malicious, mfa, microsoft, monitoring, network, password, phishing, powershell, ransomware, risk, saas, scam, service, social-engineering, software, supply-chain, theft, tool, training, vpn, vulnerability, worm

Network security device hacking: Network edge devices have increasingly drawn attackers’ attention over the past two years, establishing a new battleground where the very devices meant to protect the network have become attractive targets for exploitation.As a result, flaws in security device, such as SSL VPN systems and other gateways, are among the top initial…
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

Apr 17, 2026 11:38 PM

Tags: 2fa, access, login, phishing, service

In embracing device code phishing, attackers trick victims into handing over account access by using a service’s legitimate new-device login flow. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/tycoon-2fa-hackers-device-code-phishing
Two-Factor Authentication Breaks Free from the Desktop

Apr 17, 2026 12:48 AM

Tags: 2fa, authentication, mfa, threat

Threat actors know how to bypass security systems outside of traditional IT environments. Implementing 2FA could provide a needed extra security barrier in the physical world. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/two-factor-authentication-breaks-free-from-the-desktop
Storm Infostealer umgeht 2FA: Malware übernimmt Accounts ohne Passwort

Apr 7, 2026 7:51 PM

Tags: 2fa, malware, password

Der neue Storm Infostealer umgeht 2FA, kapert Accounts per Session-Hijacking und entschlüsselt Daten serverseitig. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/szene/dark-commerce/storm-infostealer-umgeht-2fa-malware-uebernimmt-accounts-ohne-passwort-328010.html
Product showcase: Proton Authenticator is an endend encrypted, open source 2FA app

Apr 6, 2026 7:52 AM

Tags: 2fa, authentication, mfa, open-source, password

Proton Authenticator is a free and open-source two-factor authentication (2FA) app that generates time-based one-time passwords (TOTP) to help secure online accounts. It is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/06/product-showcase-proton-authenticator-encrypted-open-source-2fa-app/
Breach Roundup: Tycoon2FA Phishing Platform Rebounds

Mar 26, 2026 11:49 PM

Tags: 2fa, attack, breach, data, data-breach, healthcare, iran, malware, north-korea, oracle, phishing, ransomware, russia

Also, Russian Signal Phishing, Iran-Linked Malware, Breaches in Spain and France. This week, Tycoon 2FA, Trio-Tech, messaging app spying and a ransomware broker sentenced. Iran-linked hackers. Mazda disclosed a breach. Oracle patched a flaw. North Korean actors weaponized VS Code, a Spanish port ransomware attack, a French teacher data breach and a healthcare firm victim…
FancyBear Server Leak Exposes Stolen Credentials, 2FA Secrets, NATO Targets

Mar 18, 2026 3:10 PM

Tags: 2fa, breach, credentials, cyber, data-breach, espionage, government, infrastructure, leak, military, russia

FancyBear’s latest operational security failure has exposed a live Russian espionage server packed with stolen credentials, 2FA secrets, and detailed insight into the ongoing targeting of European government and military networks. The exposed infrastructure, tied to APT28/FancyBear and previously reported by CERT”‘UA and Hunt.io, reveals both the scale of the compromises and the carelessness of…
Law enforcement disrupted Tycoon 2FA phishing-as-a-service platform

Mar 10, 2026 10:47 AM

Tags: 2fa, email, infrastructure, law, microsoft, phishing, service

Authorities disrupted the Tycoon 2FA phishing-as-a-service platform used to send millions of phishing emails to over 500,000 orgs worldwide. The joint effort, led by Microsoft, Europol, and industry partners, aimed to target the infrastructure of Tycoon 2FA phishing-as-a-service platform responsible for tens of millions of fraudulent emails reaching over 500,000 organizations each month worldwide. By…
Inside Tycoon 2FA: Disrupting a Global Phishing Operation

Mar 6, 2026 9:47 PM

Tags: 2fa, phishing

First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/inside-tycoon-2fa-disrupting-a-global-phishing-operation
How hackers bypassed MFA with a $120 phishing kit until a global takedown shut it down

Mar 6, 2026 7:50 PM

Tags: 2fa, cybersecurity, hacker, law, mfa, phishing, service

In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners, Tycoon 2FA – one of the world’s most prolific phishing-as-a-service platforms – has been dismantled. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/hackers-bypassed-mfa-120-phishing-kit-global-takedown-shut-down
How hackers bypassed MFA with a $120 phishing kit until a global takedown shut it down

Mar 6, 2026 7:50 PM

Tags: 2fa, cybersecurity, hacker, law, mfa, phishing, service

In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners, Tycoon 2FA – one of the world’s most prolific phishing-as-a-service platforms – has been dismantled. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/hackers-bypassed-mfa-120-phishing-kit-global-takedown-shut-down
Tycoon 2FA abgeschaltet: Schlag gegen weltweites AiTM-Phishing

Mar 6, 2026 10:47 AM

Tags: 2fa, infrastructure, phishing, service

Eine internationale Kooperation aus Sicherheitsfirmen und Behörden hat die Infrastruktur von Tycoon 2FA, einer der meistgenutzten Phishing-as-a-Service-Plattformen, erfolgreich zerstört. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/tycoon-2fa-abgeschaltet
Breach Roundup: Patches and Hacks on Cisco Equipment

Mar 5, 2026 11:46 PM

Tags: 2fa, breach, cisco, microsoft

Also: Trojanized RedAlert App, Tycoon 2FA Takedown, CyberStrikeAI Attacks. This week, Cisco patches and hacks. Trojanized app targeted Israelis. Bye-bye, Tycoon 2FA. Also bye-bye LeakBase. A LexisNexis breach. Woman sentenced for trafficking Microsoft licenses. Silver Dragon targeted governments. Broadcom patch. A Mississippi medical clinic resumed operations. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-patches-hacks-on-cisco-equipment-a-30927
Breach Roundup: Patches and Hacks on Cisco Equipment

Mar 5, 2026 11:46 PM

Tags: 2fa, breach, cisco, microsoft

Also: Trojanized RedAlert App, Tycoon 2FA Takedown, CyberStrikeAI Attacks. This week, Cisco patches and hacks. Trojanized app targeted Israelis. Bye-bye, Tycoon 2FA. Also bye-bye LeakBase. A LexisNexis breach. Woman sentenced for trafficking Microsoft licenses. Silver Dragon targeted governments. Broadcom patch. A Mississippi medical clinic resumed operations. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-patches-hacks-on-cisco-equipment-a-30927
Tycoon 2FA Goes Boom as Europol, Vendors Bust Phishing Platform

Mar 5, 2026 11:46 PM

Tags: 2fa, authentication, cyber, phishing, service, threat

The phishing-as-a-service platform was popular among cyber threat actors because of its ability to bypass multifactor authentication defenses. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/tycoon-2fa-europol-vendors-bust-phishing-platform
Microsoft, Europol disrupt global phishing platform Tycoon 2FA

Mar 5, 2026 5:47 PM

Tags: 2fa, authentication, business, cybercrime, email, microsoft, phishing, service

The service helped cybercriminals bypass multifactor authentication and led to business email compromise and ransomware. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-europol-disrupt-phishing-tycoon-2fa/813904/