North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

While some of the campaigns have been found to leverage the technique to deliver malware, others send users to pages hosted on phishing frameworks such as EvilProxy, which act as an ...

Experimental - This project is still in development, and not ready for the prime time. A minimal, secure Python interpreter written in Rust for use by AI. Monty avoids the cost, latency, complexity ...

随着多因素认证（MFA）在企业信息安全架构中的普及，传统仅针对静态密码的钓鱼攻击效能显著下降。然而，以“Tycoon 2FA”为代表的新型“钓鱼即服务”（Phishing-as-a-Service, PhaaS）平台的出现，标志着网络犯罪生态发生了质的转变。该类平台通过实时会话拦截与令牌劫持技术，成功绕过了包括一次性验证码（OTP）在内的动态安全验证机制，导致全球范围内超过50万个组织面临严峻威胁 ...

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...