Tycoon2FA Phishkit Updates Tactics with PDF Lures and Redirects

Tycoon is back with a new phishing trick! The threat group has updated its tactics, using PDF lures and clever redirects to steal credentials. The attack begins with a PDF disguised as an official notice, warning the victim of a Company Device Policy Violation. Victims are tricked into clicking the fake company policy notice, which leads them straight to a phishing site.

Once the victim clicks the link, they are first redirected to /.res444.php/, a PHP script that executes JavaScript. Security researchers have seen this tactic before: PHP files with embedded JavaScript are used to perform the redirection. The script first displays a Cloudflare “Verify You’re a Human” check, a common tactic used to bypass automated security scans and filter out bots. After passing this check, the victim is redirected to a fake Outlook login page designed to steal credentials. Note: the fake Outlook page loads only if the phishing attempt targets a Windows user; if the victim is using Linux, a fake gym website appears instead. This subtle yet effective trick helps adversaries evade detection and improve their phishing success rate.

Cybercriminals like Tycoon are constantly refining their tactics, making phishing attacks more deceptive and harder to detect. Their latest approach shows how even a simple PDF can lead to compromised accounts, stolen data, and serious business disruptions. A single overlooked phishing attempt can lead to credential theft, ransomware infections, and unauthorized access to sensitive business data.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 12 Mar 2025 17:20:27 +0000

