Tycoon 2FA Adds OAuth Device Code Phishing to Hijack Microsoft 365 Accounts
VPN Central [Unofficial]
May 18, 2026
Tycoon 2FA operators have adopted OAuth device code phishing to compromise Microsoft 365 accounts without using the kit’s older credential-relay flow. In the campaign analyzed by eSentire’s Threat Response Unit in late April 2026, victims were pushed through a phishing chain that ended on Microsoft’s real device login page. The victim entered a code, completed […]