Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...
Bleeping Computer

New EvilTokens service fuels Microsoft device code phishing attacks

A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks.
Hosted on MSN

Attackers use QR codes to bypass enterprise security tools, Microsoft data shows

Microsoft detected 8.3 billion phishing emails in Q1 2026 Attackers are favoring QR-code based attacks PhaaS group Tycoon2FA saw a drop in attacks following disruption, but is rehosting infrastructure ...
TechRepublic

Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot

Researchers reveal how Microsoft Copilot can be manipulated by prompt injection attacks to generate convincing phishing messages inside trusted AI summaries. AI assistants are rapidly becoming a core ...

35,000 users hacked? Microsoft reveals massive global phishing attack

India, May 6 -- Microsoft has confirmed a series of sophisticated phishing campaigns targeting more than 35,000 users across over 13,000 organisations in 26 countries, with the majority of victims ...

The vast majority of phishing attacks are now generated by AI, experts warn

Not only is AI helping attackers generate more sophisticated phishing attacks, but it's also democratizing tools to even more attackers.
Fox News

AI is now powering cyberattacks, Microsoft warns

Artificial intelligence promised to make life easier. Write emails faster. Build software quicker. Analyze huge datasets in seconds. Unfortunately, cybercriminals noticed those benefits too. A new ...