Tycoon 2FA Is Down. The Attack Model Is Not

Microsoft, Europol, Trend Micro, and a global coalition just disrupted Tycoon 2FA — one of the most prolific phishing-as-a-service platforms ever documented. That is a meaningful outcome. It is not safety. Tycoon 2FA is offline. The attack model that made it successful is not.

Kevin Surace
2 minute read

They Didn't Hack Stryker. They Became Stryker's Admin

What happened at Stryker today isn't a malware story. It's an identity story. And it's one the industry has seen before — the Sony hack, twelve years ago, followed a similar path. A dozen years later, the attack surface has changed. The fundamental failure hasn't.

Kevin Surace
2 minute read

The Cybersecurity Industry Has a Terrifying Problem — and Most CISOs Are Not Scared Enough

A new summary of the MITRE ATT&CK Enterprise Round 7 evaluation reveals that the highest protection score any tested vendor achieved was a mere 31 percent — meaning that 69% of attacks went entirely undetected by even the best-performing vendor in the field. But the more significant finding was buried beneath that number. Across every identity-specific attack scenario in the evaluation, all vendors scored zero blocking — not partial detection, not near misses, but zero. The tools enterprises invest in to stop modern attacks did not intercept a single identity attack, which is precisely the class of threat that now defines the modern threat landscape.

Kevin Surace
4 minute read

The FBI Just Said the Quiet Part Out Loud: Phishing-Resistant Authentication Is Job One

For years, security leaders have debated frameworks, tools, awareness programs, and incremental improvements to authentication workflows, while attackers continued to succeed through the same predictable path: logging in with stolen or relayed credentials rather than breaking through hardened infrastructure.

Kevin Surace
2 minute read

The Betterment Breach Should Have Ended the Debate. It Didn’t.

The Betterment breach should not have surprised anyone paying attention, and it certainly should have ended the long-running argument about whether modern MFA is sufficient against today’s attacks. Instead, it became just another entry in a growing list of incidents that organizations explain away as bad luck, poor training, or unfortunate human error.

Kevin Surace
3 minute read

Are Passwords Putting Your Business at Risk?

Attackers Are Not Hacking In. They Are Logging In. Ransomware, phishing, and credential-based attacks are hitting small and midsize businesses every day because attackers have learned the easiest trick in the book. They do not need to hack in. They simply log in with stolen credentials. The moment an employee enters a password or approves a code, the attacker has everything.

Kevin Surace
2 minute read

Your MFA Is Costing You Millions. It Doesn't Have To.

Most organizations still think of authentication as a cost of doing business.

Kevin Surace
1 minute read

AI Deepfakes Are Breaking Trust.

Device Based Biometrics Are the Only Way to Restore It.

Kevin Surace
2 minute read

Cyber Defense Magazine Features Token on Real Time Phishing Relay Attacks

Cyber Defense Magazine’s December issue includes a new article by Kevin Surace, Chair at Token, explaining why real time phishing relay attacks have become the most effective method for bypassing legacy MFA. These attacks are now driving many of the ransomware incidents and data breaches affecting organizations worldwide.

Kevin Surace
1 minute read

DoorDash Was Breached for the Same Reason Everyone Is: Legacy MFA

Another Preventable Breach. Another week. Another preventable breach. This time it is DoorDash, confirming that a social engineering scam gave attackers access to sensitive customer and driver information. But the real story is not the scam. The real story is the failure behind it.

Kevin Surace
2 minute read

Everyone Who Matters Says Move to Phishing Resistant/Proof MFA Now

What do CISA, NSA, NIST, OMB, DHS, the Department of Defense, Gartner, Microsoft, Google, the FIDO Alliance, and the entire cyber insurance industry know that so many organizations are still ignoring?

Kevin Surace
2 minute read

Tycoon 2FA and the Collapse of Legacy MFA

As seen in Bleeping Computer: The Tycoon 2FA phishing kit signals a turning point in the battle against account takeover. This is not a tool built for elite attackers. It is a plug-and-play phishing kit that anyone can deploy, with zero coding skill required. Tycoon automates everything: setup, fake login pages, reverse proxy servers, real-time credential capture, and full MFA relay.

Kevin Surace
1 minute read
