Cybersecurity2 min readMay 17, 2026

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

A new phishing attack called Tycoon2FA is targeting Microsoft 365 accounts by tricking users into approving device-code authentication requests, often delivered through compromised email tracking links from legitimate services like Trustifi. If attackers

Read the full article: https://www.bleepingcomputer.com/news/security/tycoon2fa-hijacks-microsoft-365-accounts-via-device-code-phishing/

Could your website be vulnerable to attacks like this?

Run a free 10-point security scan on your site — headers, SSL, DNS, and more. Results in 15 seconds.

Test Your Site Now — It's Free

More Security Insights

Cybersecurity

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

Read Secure Software

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

Read