AITM
-
Coordinated action disrupts Tycoon 2FA phishing service that targeted tens of thousands of organisations
A coordinated operation in early March 2026 disrupted Tycoon 2FA, a subscription phishing platform that generated tens of millions of emails monthly and enabled unauthorized access to nearly 100,000 organisations worldwide.
-
DKnife targets network gateways in long-running AitM campaign
DKnife is a modular adversary-in-the-middle framework that has operated on network gateways since at least 2019. It inspects and manipulates traffic to hijack updates and deliver malware to downstream devices.
-
Multi-stage AitM phishing and BEC campaign abused SharePoint to target energy organisations
Microsoft flagged a multi-stage AitM phishing and BEC campaign using SharePoint links and inbox rules to persist. One observed case sent over 600 phishing messages. Mitigation requires revoking session cookies and deleting attacker-created rules.
-
Calendly-themed phishing campaign spoofs top brands to hijack ad manager accounts
Security researchers found a targeted phishing campaign using fake Calendly invites and brand impersonation to steal Google Workspace and Facebook business credentials and seize advertising manager accounts for malvertising and other attacks.
-
Microsoft: Storm-2657 Used Phishing to Redirect University Payrolls via Workday Accounts
Microsoft said a gang known as Storm-2657 has used phishing and adversary-in-the-middle links to steal MFA and compromise university Workday-linked accounts since March 2025, altering payroll configurations to redirect salary payments and spreading further phishing inside and across campuses.
