VulnHub

Real-time Cybersecurity News

Tycoon 2FA relinquishes crown to similar PhaaS platforms

SCM feed for Latest
Actively Exploited
PhishingExploitMalware

Overview

The recent dismantling of the Tycoon 2FA phishing-as-a-service platform has left a significant gap in the cybercrime ecosystem. In a crackdown that took down over 300 active domains associated with Tycoon 2FA, security researchers noted that cybercriminals are now shifting their focus to other similar platforms, namely Mamba 2FA, Sneaky 2FA, and EvilProxy. These alternative services have quickly integrated the tools and techniques that made Tycoon 2FA popular among attackers. This transition underscores the persistent nature of phishing threats, as criminals adapt and find new ways to exploit users. The ongoing evolution of these platforms poses a continuous risk to individuals and organizations, highlighting the need for enhanced security measures against phishing attempts.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Tycoon 2FA, Mamba 2FA, Sneaky 2FA, EvilProxy
  • Action Required: Users should implement stronger authentication methods and remain vigilant against phishing attempts.
  • Timeline: Disclosed on [date of takedown]

Original Article Summary

Last month's takedown of over 300 active domains used by the Tycoon 2FA phishing-as-a-service platform, which was once the most prolific PhaaS kit, has prompted threat actors to transfer to the Mamba 2FA, Sneaky 2FA, and EvilProxy platforms that have since integrated Tycoon 2FA's tools, according to SecurityWeek.

Impact

Tycoon 2FA, Mamba 2FA, Sneaky 2FA, EvilProxy

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Disclosed on [date of takedown]

Remediation

Users should implement stronger authentication methods and remain vigilant against phishing attempts. Organizations are advised to educate employees about recognizing phishing scams and to deploy advanced email filtering solutions.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Phishing, Exploit, Malware.

Read Original Article

Related Coverage

Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool

Infosecurity Magazine

Vercel, a cloud app developer, has confirmed that it faced a security breach due to a sophisticated attack that exploited a third-party tool. The details surrounding the breach remain limited, but it raises concerns regarding the safety of applications built on Vercel's platform. Users and developers relying on Vercel for their cloud services should be vigilant, as this incident highlights potential vulnerabilities in third-party integrations. The company is likely working to assess the full impact of the breach and implement necessary security measures to prevent future incidents. This situation serves as a reminder for all companies to review their security practices, especially when using external tools and services.

Apr 21, 2026

NGate Android malware uses HandyPay NFC app to steal card data

BleepingComputer

A new variant of the NGate malware is targeting Android users by disguising itself within a trojanized version of HandyPay, a legitimate mobile payment app. This malware is designed to steal NFC payment data, posing a significant risk to users who rely on their smartphones for transactions. By embedding itself in a trusted application, attackers are increasing the chances that unsuspecting users will download and use the malicious version. Users of Android devices should be cautious about installing apps from unofficial sources and ensure they are using the latest security updates to protect their sensitive financial information. The implications of this malware are serious, as it could lead to unauthorized transactions and financial loss for those affected.

Apr 21, 2026

North Korean Blamed for $290m KelpDAO Crypto Heist

Infosecurity Magazine

North Korea's Lazarus Group has been implicated in a significant cyber theft involving KelpDAO, a decentralized finance platform, with losses estimated at $290 million. This incident marks another high-profile attack linked to the notorious group, known for its involvement in various cybercrimes, including cryptocurrency thefts. KelpDAO is now facing the repercussions of this breach, which impacts not only its operations but also the broader crypto community concerned about security. The attack raises alarms about the vulnerability of decentralized finance platforms to state-sponsored hacking, emphasizing the need for enhanced security measures across the industry. As the investigation unfolds, it is crucial for crypto users and platforms to remain vigilant against such threats.

Apr 21, 2026

Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility

Security Affairs

Bluesky, a decentralized microblogging platform, was hit by a 24-hour Distributed Denial of Service (DDoS) attack that began on April 15. The attack led to significant service disruptions, impacting users who rely on the platform for communication and information sharing. A pro-Iran hacker group has claimed responsibility for this attack, indicating a possible politically motivated cyber incident. DDoS attacks can overwhelm a service with traffic, rendering it unavailable to legitimate users, which raises concerns about the platform's security and its ability to handle such threats in the future. This incident serves as a reminder of the ongoing risks facing online platforms, especially those involved in social discourse.

Apr 21, 2026

Researchers build an encrypted routing layer for private AI inference

Help Net Security

Researchers have developed a new encrypted routing layer that enhances privacy for organizations using large AI models, particularly in sensitive sectors like healthcare and finance. The method employs Secure Multi-Party Computation (MPC), which breaks down data into encrypted fragments and spreads them across multiple servers. This approach allows the servers to process AI queries without ever accessing the original data, ensuring that sensitive information remains confidential. This advancement is significant as it addresses growing concerns over data privacy when utilizing cloud-based AI services. Companies looking to implement AI while safeguarding private information may find this technology particularly beneficial.

Apr 21, 2026

Multiple other companies purportedly breached by ShinyHunters, over 9M record leak warned

SCM feed for Latest

The hacking group ShinyHunters claims to have breached nine well-known companies, including Zara, 7-Eleven, and Carnival Corporation. They are threatening to release over 9 million records that contain personal information and internal data unless a ransom is paid by April 21. This situation raises significant concerns for the affected brands as it puts customer data at risk and could lead to identity theft or other malicious activities. The release of such a large volume of sensitive information could also damage the reputation of these companies and erode consumer trust. As the deadline approaches, it remains crucial for these organizations to enhance their security measures and communicate transparently with their customers about the potential breach.

Apr 20, 2026