phaas

A new, industrialized phishing service called VoidProxy is being used by multiple criminal groups to intercept Google and Microsoft sign-ins in real time, harvest credentials, MFA responses and — critically — session cookies that let attackers impersonate users without needing passwords or...

In recent months, the aviation and transportation sectors have become prime targets for sophisticated phishing attacks, particularly those involving Business Email Compromise (BEC) schemes. Cybercriminals are exploiting executive email accounts to deceive customers and partners into transferring...

The rapid evolution of cybercrime has brought forth a new era of sophisticated phishing operations, with attackers now leveraging complex “Phishing-as-a-Service” (PhaaS) platforms to target lucrative enterprise networks. One such operation, identified in research as Storm-1575 and more widely...

A new breed of cyber threats is rapidly transforming the landscape of enterprise security, and few recent campaigns illustrate this better than the large-scale, meticulously coordinated attacks attributed to Storm-1575, more commonly known as the Dadsec hacker group. Over the past year, Dadsec...

The best-laid plans of regulators and tech titans alike have gone pixel-shaped, and the digital world is barely hanging onto its cookies. Welcome to the wildest PSW episode yet—where government unraveling meets generative AI hijinx, bot chaos is the new business model, and cybercriminals treat...

Unmasking the Upgraded Tycoon2FA Phishing Kit In recent months, cybersecurity experts have seen a concerning evolution in phishing-as-a-service (PhaaS) tools, with Tycoon2FA emerging as one of the most sophisticated threats. Once infamous for bypassing multi-factor authentication (MFA) on...

Barracuda’s detection systems recently blocked over a million phishing attacks—a staggering number that underscores a rapidly evolving threat landscape powered by sophisticated Phishing-as-a-Service (PhaaS) platforms. This development is especially critical for Windows users and organizations...

Over the past couple of months, the cybersecurity landscape has faced another twist in its never-ending battle against phishing. In early 2025, Barracuda Networks reported a surge in phishing-as-a-service (PhaaS) attacks—over a million in total—with notorious tools like Tycoon 2FA and EvilProxy...

If you've ever thought phishing scams were a thing of the past, brace yourself for a rude awakening. Cybercriminals have upped their game with a new Phishing-as-a-Service (PhaaS) offering, ominously named Sneaky 2FA. Leveraging Telegram as a command-and-control hub, this digital playground for...

Cybersecurity experts and enthusiasts, take a seat—this one’s a ride into the cutting-edge of cybercrime. A newly identified Adversary-in-the-Middle (AiTM) phishing kit dubbed “Sneaky Log” has been making waves in the underground cybercrime market. This innovative kit is specifically targeting...

A new and sophisticated species has entered the phishing ecosystem, and its name is Tycoon 2FA. At a time when digital security feels like a relentless arms race, this phishing-as-a-service (PhaaS) platform epitomizes just how quickly adversaries adapt to modern defenses—forging an unsettling...

In a chilling revelation for Microsoft 365 users, security researchers have unveiled a sophisticated phishing toolkit known as "Rockstar 2FA" that circumvents multi-factor authentication (MFA) in a strikingly clever manner. This "Phishing-as-a-Service" (PhaaS) offering demonstrates how...

In a grim reminder of cybersecurity's ever-evolving landscape, researchers have uncovered a new and sophisticated adversary-in-the-middle (AiTM) cyberattack targeting Microsoft 365 credentials. This campaign is powered by the upgraded Rockstar 2FA, a phishing-as-a-service (PhaaS) platform that...