Tycoon 2FA Goes Boom as Europol, Vendors Bust Phishing Platform

Europol, Microsoft and multiple private-sector partners disrupted Tycoon 2FA, a prominent phishing‑as‑a‑service that used adversary‑in‑the‑middle proxying to capture live session tokens and bypass multifactor authentication, impacting an estimated 96,000 victims and accounting for roughly 62% of Microsoft-blocked phishing attempts; the operation seized 330 domains and infrastructure across several countries while partners urged adoption of phishing-resistant MFA (e.g., FIDO2/passkeys) and warned that operators may attempt to rebuild.