Daily Security Briefing #082

November 23, 2025 | Read Online

Tycoon2FA phishing surge, Iberia data breach, New password management tool, plus Pixel-iPhone file sharing…

Executive Summary

Cybercrime continues to focus heavily on exploiting widely used platforms, with the Tycoon2FA phishing-as-a-service campaign launching nearly one million attacks targeting Office 365 accounts in 2025 alone. Data security remains a pressing concern as Iberia reveals a customer data leak linked to a vendor breach, highlighting supply chain vulnerabilities. Meanwhile, enterprise security gains momentum with Passwork 7’s new unified password and secrets management platform offering automation and Black Friday savings. On a positive note, enhanced interoperability developments make cross-platform sharing easier with Google enabling Pixel-to-iPhone file transfers using Quick Share and AirDrop.

Top Articles

Tycoon2FA Launches Nearly 1 Million Attacks Targeting Office 365 Accounts
The Tycoon2FA phishing-as-a-service platform, tracked by Microsoft as Storm-1747, has emerged as a major threat in 2025. It has executed nearly one million phishing attacks aimed at compromising Office 365 accounts, marking it as the most prolific phishing campaign observed this year. October alone saw a significant spike in related activity detected by Microsoft Defender.
BleepingComputer

Iberia Discloses Customer Data Leak After Vendor Security Breach
Spanish airline Iberia has informed its customers of a data breach that occurred through a supplier compromise. Hacker forums revealed claims of a 77 GB data dump allegedly stolen from the carrier, prompting the airline to begin notifications as part of its incident response. This case underscores evolving risks associated with third-party vendors.
BleepingComputer

Enterprise Password Security and Secrets Management with Passwork 7
Passwork 7 introduces a self-hosted platform to simplify enterprise password and secrets management. It offers automation for credential workflow and includes a free trial option, with Black Friday discounts of up to 50%. This tool aims to strengthen internal security practices by centralizing sensitive information management.
BleepingComputer

Google Enables Pixel-to-iPhone File Sharing via Quick Share, AirDrop
Google has enhanced cross-platform compatibility by enabling direct file sharing between Pixel smartphones and iPhones. The new interoperability between Android’s Quick Share and Apple’s AirDrop features allows seamless transfer of files across these device ecosystems, improving user convenience and connectivity.
BleepingComputer

Trace Labs | Blog: Behind the Scenes of Trace Labs Reporting
Trace Labs reports a record-breaking OSINT Search Party capture-the-flag event held in November 2025. Participants submitted 2,947 verified data points across four missing-person cases, marking one of the highest scoring collaborative efforts in the organization’s history. This community-driven initiative leverages open-source intelligence for critical humanitarian impact.
TraceLabs

New Costco Gold Star Members Also Get a $40 Digital Costco Shop Card
In an effort to attract holiday shoppers, Costco is offering a promotion where new Gold Star members receive a $40 digital shop card alongside their one-year membership purchased for $65. While this is a retail offer rather than a cybersecurity topic, members are advised to remain vigilant regarding membership-related scams during the busy season.
BleepingComputer

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.