Product
high
advisory
Tycoon2FA Phishing Kit Targets Microsoft 365 Accounts with Device-Code Phishing
2 rules 2 TTPs
The Tycoon2FA phishing kit now supports device-code phishing attacks targeting Microsoft 365 accounts. It abuses Trustifi click-tracking URLs and redirects victims through Cloudflare Workers to a fake Microsoft CAPTCHA page, where they are tricked into entering a device code. This grants attackers OAuth tokens and access to the victims' Microsoft 365 accounts.
Microsoft 365 +2
phishing
device-code phishing
oauth
tycoon2fa
high
threat
Inngest SDK Exposes Environment Variables via Unhandled HTTP Methods
2 rules 1 TTP 2 IOCs
Inngest TypeScript SDK versions 3.22.0 through 3.53.1 expose environment variables of the host process through the `serve()` HTTP handler on unhandled HTTP methods. Unauthenticated remote attackers can exfiltrate these variables with `PATCH`, `OPTIONS`, or `DELETE` requests to the handler.
exploited
inngest TypeScript SDK +2
environment-variable-exposure
inngest
cve-2026-42047