Security News

Cybersecurity news aggregator

HIGH Attacks SC Media

Tycoon2FA phishing kit evolves with device-code attacks on Microsoft 365

The Tycoon2FA phishing kit now employs device-code phishing attacks against Microsoft 365, leveraging the OAuth 2.0 device authorization grant flow to trick users into authorizing a rogue device via Microsoft's legitimate login page, thereby granting attackers access tokens. The article does not describe a software vulnerability with a CVSS score or specific affected versions, but rather an evolving social engineering technique. Recommended mitigations include disabling the OAuth device code flow when not in use, restricting OAuth consent, and enhancing monitoring of Microsoft Entra logs.

May 18, 2026, by SC Staff

The Tycoon2FA phishing kit has resurfaced with new capabilities, including support for device-code phishing attacks that target Microsoft 365 accounts, according to eSentire. Despite a recent law enforcement disruption, the platform has been rebuilt and is now employing advanced techniques to bypass security measures, with further coverage provided by Bleeping Computer.

The Tycoon2FA phishing kit has adapted to leverage OAuth 2.0 device authorization grant flows, enabling it to compromise Microsoft 365 accounts. This method tricks victims into authorizing a rogue device by entering a code on Microsoft's legitimate login page, granting attackers access to sensitive data.

The attack chain involves a lure email with a Trustifi click-tracking URL, which redirects through multiple layers of obfuscation before presenting a fake Microsoft CAPTCHA page. The victim is then prompted to enter a device code, completing multi-factor authentication and issuing OAuth tokens to the attacker.

The kit incorporates robust anti-analysis measures, blocking researchers, security vendors, and automated scanning tools.

eSentire recommends disabling the OAuth device code flow when not in use, restricting OAuth consent, and enhancing monitoring of Microsoft Entra logs to mitigate these threats.

Source: Bleeping Computer
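One way to act on the log-monitoring recommendation above, as an added example that is not from the article, eSentire or Microsoft: a small filter that flags successful device-code sign-ins by accounts not expected to use that flow. The sample records are constructed, the allow-list is hypothetical, and the field names are modelled on the Microsoft Graph signIn resource (authenticationProtocol is part of its beta schema), so check them against your own Entra export.

```python
import json

# Constructed sample records (not real logs). Field names follow the
# Microsoft Graph signIn resource; verify them against your own export.
SAMPLE_LOG = """\
{"createdDateTime":"2026-05-18T08:01:10Z","userPrincipalName":"alice@example.com","appDisplayName":"Office 365 Exchange Online","authenticationProtocol":"none","ipAddress":"198.51.100.7","status":{"errorCode":0}}
{"createdDateTime":"2026-05-18T08:14:52Z","userPrincipalName":"alice@example.com","appDisplayName":"Microsoft Office","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.45","status":{"errorCode":0}}
{"createdDateTime":"2026-05-18T09:00:03Z","userPrincipalName":"room-tv@example.com","appDisplayName":"Microsoft Teams","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.20","status":{"errorCode":0}}
{"createdDateTime":"2026-05-18T09:30:41Z","userPrincipalName":"bob@example.com","appDisplayName":"Microsoft Office","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.46","status":{"errorCode":50126}}
this line is not JSON
"""

# Hypothetical allow-list: accounts expected to use device code flow
# (for example shared meeting-room devices).
ALLOWED_DEVICE_CODE_USERS = {"room-tv@example.com"}


def parse_records(text):
    """Yield dict records from JSON-lines text, skipping malformed lines."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict):
            yield rec


def find_device_code_signins(text, allowed=ALLOWED_DEVICE_CODE_USERS):
    """Return successful device-code sign-ins by users not on the allow-list."""
    findings = []
    for rec in parse_records(text):
        user = str(rec.get("userPrincipalName", "")).lower()
        protocol = str(rec.get("authenticationProtocol", "")).lower()
        status = rec.get("status")
        succeeded = isinstance(status, dict) and status.get("errorCode") == 0
        if protocol == "devicecode" and succeeded and user not in allowed:
            findings.append((rec.get("createdDateTime"), user,
                             rec.get("appDisplayName"), rec.get("ipAddress")))
    return sorted(findings, key=lambda f: str(f[0]))


if __name__ == "__main__":
    for when, user, app, ip in find_device_code_signins(SAMPLE_LOG):
        print(f"ALERT device-code sign-in: {when} {user} app={app} ip={ip}")
```

Keeping the allow-list short makes every remaining hit worth a manual review, and the same list shows which accounts would need an exception if the flow is disabled tenant-wide.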