Bleeping Computer recently reported that a phishing-as-a-service (PhaaS) available in cybercriminal forums dubbed “Typhoon 2FA” has the ability to compromise Microsoft 365 and Google accounts even if users have two-factor authentication (2FA) enabled. Sekoia security analysts uncovered the phishing kit back in October 2023 though they believe it has been active since at least August of that same year.
Source: CircleID