LastPass Users Phished, Amazon Down US, UK Cybersecurity Boost – Cybersecurity News [March 02, 2026]

Here are the top four cybersecurity news stories from this week that you should be aware of. LastPass users have been targeted by threat actors, while US Amazon users experienced a massive outage this Thursday. The NCSC has urged UK enterprises to strengthen their cybersecurity systems. Meanwhile, Europol has managed to disrupt the notorious Tycoon 2FA phishing gang.

LastPass users fell prey to a phishing scam!

March has not been very pleasant for LastPass users. This password management tool was targeted by phishing actors on March 1. The threat intelligence department at LastPass detected this new threat campaign. A group of threat actors had managed to impersonate LastPass customer support executives by sending fake emails. 

The ultimate goal of these emails is to persuade the recipients to share sensitive personal details. The threat actors successfully managed to impersonate LastPass’ internal messages. These messages were mostly about unauthorized activity on accounts.

They were following the traditional social engineering trick of creating a sense of fake urgency to compel victims to share their data.

The campaign involves the strategy of display-name spoofing. This means that in place of the original sender, the name of LastPass would appear to earn the trust of the victims. The email focuses on suspicious activity and urges recipients to take immediate action. These emails include malicious links that would redirect the victims to a fake Single Sign-On page. 

Ever since the cyber incident, LastPass has been working closely with third-party partners to identify the real culprits. However, it has also issued an advisory for all its users and has requested them to stay vigilant and practice cyber hygiene.

E-commerce platform Amazon is down for US users– is it a cyberattack?

Thousands of Amazon users in the US were affected this Thursday as the e-commerce platform was down. Online outage-tracking tools like Downdetector confirmed that as many as 22,000 outage instanceshave already been reported.

Users are facing issues such as difficulty checking out, logging in, or even browsing products of their choice. Social media platforms are rife with claims that Amazon was hacked amid the Middle East tensions. Some users believe it is part of cyber warfare.

Amazon has been tight-lipped and shared no confirmation around the hacking claim. They have not shared the exact reason for the outage either.

However, Amazon Web Series suffered a major infrastructure failure in the Middle East region on March 2. This physical damage led to a widespread outage that affected networking, storage services, and EC2 instances. 

Authorities have claimed that a fire at a UAE data center was caused by an external object striking the facility, disrupting the primary power and backup generators. 

Experts believe that the physical damage can be followed by cyberattacks and have urged authorities to stay vigilant and proactive. 

Users strongly believe that there’s a connection between the Middle East AWS physical damage and the latest Amazon outage incident in the US. There is no information available on when Amazon will be up and working again in the US.

UK organizations bolster cybersecurity systems under the observation of NCSC

The ongoing conflict in the Middle East has created ripples across the global cybersecurity landscape. Although there’s currently no direct connection between regional tensions and the UK cybersecurity ecosystem, the NCSC (National Cyber Security Centre) has urged UK organizations to be vigilant and take necessary action.

Given the speed at which regional tensions are escalating, NCSC believes that UK-based organizations and entities that form part of the supply chain distribution network for Middle East companies can be extremely vulnerable. Experts believe that it is highly likely for state-sponsored threat actors to target UK enterprises as part of cyber warfare.

NCSC has urged UK organizations to bolster their cybersecurity mechanisms immediately. Keeping a close eye on the external attack surface is also recommended. These enterprises have also been advised to start prepping for responding to any collateral impacts instigated by the state-sponsored hacktivists.

UK organizations will also be signing up for the Early Warning Service by NCSC in order to receive real-time notifications in case of any cybersecurity mishap. 

Tycoon 2FA phishing services infrastructure dismantled by Europol!

Europol has finally managed to take down the IT infrastructure of Tycoon 2FA. They have been operating as a Phishing-as-a-Service platform since 2023. So far, Tycoon has managed to target millions of global internet users. 

Europol is known for its efficacy in battling organized cybercrime. This time, it joined hands with renowned tech giants like Microsoft, Cloudflare, and Trend Micro. This successful operation by Europol resulted in the closure of over 300 malicious domains. These domains were being used by the Tycoon gang to host fake login pages. These pages are generally designed to impersonate big industry names. They trick the victims into entering sensitive data like login credentials and authentication codes. Dismantling these fake domains means significantly curbing the PaaS platform’s ability to run further malicious campaigns.

The CIEP or Cyber Intelligence Extension Programme conducted this crucial operation against Tycoon. The investigators involved in the operation successfully seized the same servers that were used to power the phishing infrastructure. They have also been able to detect and apprehend the threat actors who are believed to be directly a part of the PaaS ecosystem. 

This operation by Europol once again reminds us of the fact that global coordination between private technology firms and law enforcement agencies can effectively curb intricate cybercrime ecosystems.

Implementing SPF, DKIM, and DMARC helps protect email systems from spoofing, phishing, and unauthorized senders.

Tycoon 2FA used to offer phishing services and associated tools to interested threat actors at an extremely low fee (approximately $120). With the help of these tools, cybercriminals could easily bypass MultiFactor Authentication systems by evading security setups like SMS verification codes and authenticator app tokens. Also, Tycoon 2FA used to operate on a large scale and had managed to carry out a whopping 96,000 phishing attempts in just three years.