A recent report by cybersecurity experts at Sekoia has exposed the growing threat of a new phishing kit called Tycoon 2FA, designed to target Gmail and Microsoft email accounts. The kit has evolved significantly since its initial detection in mid-2023, with around 1,100 domains and usage in thousands of phishing attacks. Notably, the kit allows threat actors to bypass two-factor authentication, leading to substantial financial gains. Security analysts warn that the kit has made it increasingly challenging to detect and analyze, with improved mechanisms to intercept victim input and steal session cookies and 2FA codes. With its ability to evade security measures, Tycoon 2FA highlights the ongoing battle against sophisticated cyber threats, posing significant risks to online security and privacy.