Breach Roundup: Tycoon2FA Phishing Platform Rebounds

Also, Russian Signal Phishing, Iran-Linked Malware, Breaches in Spain and France Pooja Tikekar (@PoojaTikekar) • March 26, 2026

Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, Tycoon 2FA is back, a Trio-Tech ransomware attack turned potentially material, more warnings on Russians targeted messaging apps and a ransomware broker sentenced. Iran-linked hackers used Telegram malware, Mazda disclosed a breach. Oracle patched a critical flaw, North Korean actors weaponized VS Code, a Spanish port is using manual processes after a mostly-thwarted ransomware attack, France reported a teacher data breach and a U.S. healthcare firm saw victim counts surge.

See Also: Experts Offer Insights from Theoretical to the Realities of AI-enabled Cybercrime

Tycoon2FA, a phishing-as-a-service platform disrupted earlier this month in a coordinated international law enforcement operation, quickly rebounded to pre-disruption activity levels, cybersecurity company CrowdStrike found.

Europol, working with ...