First appearing in August 2023, Tycoon 2FA was designed specifically to help fraudsters hack into accounts defended by multi-factor authentication and steal session cookies, and was responsible for tens of millions of fraudulent emails and almost tens of thousands of confirmed victims around the world.
Researchers demonstrated the vulnerability by connecting a vulnerable phone to a laptop over USB, showing how their exploit recovered the handset PIN, decrypted storage, and extracted seed phrases from several software wallets.
New research shows that these claims aren't true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups.
The most dangerous phishing campaigns aren't just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach.
Safe mode helps you see if a buggy app is causing your Android phone to crash, freeze, or slow down. Here's how.
A vulnerability in Microsoft Authenticator for both iOS and Android (CVE-2026-26123) could leak your one-time sign-in codes or authentication deep links to a malicious app on the same device.