Anthropic on Thursday released Claude Opus 4.6, a major upgrade to its flagship artificial intelligence model that the company says plans more carefully, sustains longer autonomous workflows, and outperforms competitors including OpenAI’s GPT-5.2 on key enterprise benchmarks — a release that arrives at a tumultuous moment for the AI industry and global software markets.
The launch comes just three days after OpenAI released its own Codex desktop application in a direct challenge to Anthropic’s Claude Code momentum, and amid a $285 billion rout in software and services stocks that investors attribute partly to fears that Anthropic’s AI tools could disrupt established enterprise software businesses.
For the first time, Anthropic’s Opus-class models will feature a 1 million token context window, allowing the AI to process and reason across vastly more information than previous versions. The company also introduced “agent teams” in Claude Code — a research preview feature that enables multiple AI agents to work simultaneously on different aspects of a coding project, coordinating autonomously.
“We’re focused on building the most capable, reliable, and safe AI systems,” an Anthropic spokesperson told VentureBeat about the announcements. “Opus 4.6 is even better at planning, helping solve the most complex coding tasks. And the new agent teams feature means users can split work across multiple agents — one on the frontend, one on the API, one on the migration — each owning its piece and coordinating directly with the others.”
Advertisement
Why OpenAI and Anthropic are locked in an all-out war for enterprise developers
The release intensifies an already fierce competition between Anthropic and OpenAI, the two most valuable privately held AI companies in the world. OpenAI on Monday released a new desktop application for its Codex artificial intelligence coding system, a tool the company says transforms software development from a collaborative exercise with a single AI assistant into something more akin to managing a team of autonomous workers.
AI coding assistants have exploded in popularity over the last year, and OpenAI said more than 1 million developers have used Codex in the past month. The new Codex app is part of OpenAI’s ongoing effort to lure users and market share away from rivals like Anthropic and Cursor.
The timing of Anthropic’s release — just 72 hours after OpenAI’s Codex launch — underscores the breakneck pace of competition in AI development tools. OpenAI faces intensifying competition from Anthropic, which posted the largest share increase of any frontier lab since May 2025, according to a recent Andreessen Horowitz survey. Forty-four percent of enterprises now use Anthropic in production, driven by rapid capability gains in software development since late 2024. The desktop launch is a strategic counter to Claude Code’s momentum.
Advertisement
According to Anthropic’s announcement, Opus 4.6 achieves the highest score on Terminal-Bench 2.0, an agentic coding evaluation, and leads all other frontier models on Humanity’s Last Exam, a complex multi-discipline reasoning test. On GDPval-AA — a benchmark measuring performance on economically valuable knowledge work tasks in finance, legal and other domains — Opus 4.6 outperforms OpenAI’s GPT-5.2 by approximately 144 ELO points, which translates to obtaining a higher score approximately 70% of the time.
Claude Opus 4.6 leads or matches competitors across most benchmark categories, according to Anthropic’s internal testing. The model showed particular strength in agentic tasks, office work and novel problem-solving. (Source: Anthropic)
Inside Claude Code’s $1 billion revenue milestone and growing enterprise footprint
The stakes are substantial. Asked about Claude Code’s financial performance, the Anthropic spokesperson noted that in November, the company announced that Claude Code reached $1 billion in run rate revenue only six months after becoming generally available in May 2025.
The spokesperson highlighted major enterprise deployments: “Claude Code is used by Uber across teams like software engineering, data science, finance, and trust and safety; wall-to-wall deployment across Salesforce’s global engineering org; tens of thousands of devs at Accenture; and companies across industries like Spotify, Rakuten, Snowflake, Novo Nordisk, and Ramp.”
Advertisement
That enterprise traction has translated into skyrocketing valuations. Earlier this month, Anthropic signed a term sheet for a $10 billion funding round at a $350 billion valuation. Bloomberg reported that Anthropic is simultaneously working on a tender offer that would allow employees to sell shares at that valuation, offering liquidity to staffers who have watched the company’s worth multiply since its 2021 founding.
How Opus 4.6 solves the ‘context rot’ problem that has plagued AI models
One of Opus 4.6’s most significant technical improvements addresses what the AI industry calls “context rot“—the degradation of model performance as conversations grow longer. Anthropic says Opus 4.6 scores 76% on MRCR v2, a needle-in-a-haystack benchmark testing a model’s ability to retrieve information hidden in vast amounts of text, compared to just 18.5% for Sonnet 4.5.
“This is a qualitative shift in how much context a model can actually use while maintaining peak performance,” the company said in its announcement.
The model also supports outputs of up to 128,000 tokens — enough to complete substantial coding tasks or documents without breaking them into multiple requests.
Advertisement
For developers, Anthropic is introducing several new API features alongside the model: adaptive thinking, which allows Claude to decide when deeper reasoning would be helpful rather than requiring a binary on-off choice; four effort levels (low, medium, high, max) to control intelligence, speed and cost tradeoffs; and context compaction, a beta feature that automatically summarizes older context to enable longer-running tasks.
Opus 4.6 dramatically outperformed its predecessor on tests measuring how well models retrieve information buried in long documents — a key capability for enterprise coding and research tasks. (Source: Anthropic)
Anthropic’s delicate balancing act: Building powerful AI agents without losing control
Anthropic, which has built its brand around AI safety research, emphasized that Opus 4.6 maintains alignment with its predecessors despite its enhanced capabilities. On the company’s automated behavior audit measuring misaligned behaviors such as deception, sycophancy, and cooperation with misuse, Opus 4.6 “showed a low rate” of problematic responses while also achieving “the lowest rate of over-refusals — where the model fails to answer benign queries — of any recent Claude model.”
When asked how Anthropic thinks about safety guardrails as Claude becomes more agentic, particularly with multiple agents coordinating autonomously, the spokesperson pointed to the company’s published framework: “Agents have tremendous potential for positive impacts in work but it’s important that agents continue to be safe, reliable, and trustworthy. We outlined our framework for developing safe and trustworthy agents last year which shares core principles developers should consider when building agents.”
Advertisement
The company said it has developed six new cybersecurity probes to detect potentially harmful uses of the model’s enhanced capabilities, and is using Opus 4.6 to help find and patch vulnerabilities in open-source software as part of defensive cybersecurity efforts.
Anthropic says its newest model exhibits the lowest rate of problematic behaviors — including deception and sycophancy — of any Claude version tested, even as capabilities have increased. (Source: Anthropic)
Sam Altman vs. Dario Amodei: The Super Bowl ad battle that exposed AI’s deepest divisions
The rivalry between Anthropic and OpenAI has spilled into consumer marketing in dramatic fashion. Both companies will feature prominently during Sunday’s Super Bowl. Anthropic is airing commercials that mock OpenAI’s decision to begin testing advertisements in ChatGPT, with the tagline: “Ads are coming to AI. But not to Claude.”
OpenAI CEO Sam Altman responded by calling the ads “funny” but “clearly dishonest,” posting on X that his company would “obviously never run ads in the way Anthropic depicts them” and that “Anthropic wants to control what people do with AI” while serving “an expensive product to rich people.”
Advertisement
The exchange highlights a fundamental strategic divergence: OpenAI has moved to monetize its massive free user base through advertising, while Anthropic has focused almost exclusively on enterprise sales and premium subscriptions.
The $285 billion stock selloff that revealed Wall Street’s AI anxiety
The launch occurs against a backdrop of historic market volatility in software stocks. A new AI automation tool from Anthropic PBC sparked a $285 billion rout in stocks across the software, financial services and asset management sectors on Tuesday as investors raced to dump shares with even the slightest exposure. A Goldman Sachs basket of US software stocks sank 6%, its biggest one-day decline since April’s tariff-fueled selloff.
The selloff was triggered by a new legal tool from Anthropic, which showed the AI industry’s growing push into industries that can unlock lucrative enterprise revenue needed to fund massive investments in the technology. One trigger for Tuesday’s selloff was Anthropic’s launch of plug-ins for its Claude Cowork agent on Friday, enabling automated tasks across legal, sales, marketing and data analysis.
Thomson Reuters plunged 15.83% Tuesday, its biggest single-day drop on record; and Legalzoom.com sank 19.68%. European legal software providers including RELX, owner of LexisNexis, and Wolters Kluwer experienced their worst single-day performances in decades.
Advertisement
Not everyone agrees the selloff is warranted. Nvidia CEO Jensen Huang said on Tuesday that fears AI would replace software and related tools were “illogical” and “time will prove itself.” Mark Murphy, head of U.S. enterprise software research at JPMorgan, said in a Reuters report it “feels like an illogical leap” to say a new plug-in from an LLM would “replace every layer of mission-critical enterprise software.”
What Claude’s new PowerPoint integration means for Microsoft’s AI strategy
Among the more notable product announcements: Anthropic is releasing Claude in PowerPoint in research preview, allowing users to create presentations using the same AI capabilities that power Claude’s document and spreadsheet work. The integration puts Claude directly inside a core Microsoft product — an unusual arrangement given Microsoft’s 27% stake in OpenAI.
The Anthropic spokesperson framed the move pragmatically in an interview with VentureBeat: “Microsoft has an official add-in marketplace for Office products with multiple add-ins available to help people with slide creation and iteration. Any developer can build a plugin for Excel or PowerPoint. We’re participating in that ecosystem to bring Claude into PowerPoint. This is about participating in the ecosystem and giving users the ability to work with the tools that they want, in the programs they want.”
Claude’s new PowerPoint integration, shown here analyzing a market research slide, places Anthropic’s AI directly inside a flagship Microsoft product — despite Microsoft’s major investment in rival OpenAI. (Source: Anthropic)
Advertisement
The data behind enterprise AI adoption: Who’s winning and who’s losing ground
Data from a16z’s recent enterprise AI survey suggests both Anthropic and OpenAI face an increasingly competitive landscape. While OpenAI remains the most widely used AI provider in the enterprise, with approximately 77% of surveyed companies using it in production in January 2026, Anthropic’s adoption is rising rapidly — from near-zero in March 2024 to approximately 40% using it in production by January 2026.
The survey data also shows that 75% of Anthropic’s enterprise customers are using it in production, with 89% either testing or in production — figures that slightly exceed OpenAI’s 46% in production and 73% testing or in production rates among its customer base.
Enterprise spending on AI continues to accelerate. Average enterprise LLM spend reached $7 million in 2025, up 180% from $2.5 million in 2024, with projections suggesting $11.6 million in 2026 — a 65% increase year-over-year.
OpenAI remains the dominant AI provider in enterprise settings, but Anthropic’s share has surged from near zero in early 2024 to roughly 40 percent of companies using it in production by January 2026. (Source: Andreessen Horowitz survey, January 2026)
Advertisement
Pricing, availability, and what developers need to know about Claude Opus 4.6
Opus 4.6 is available immediately on claude.ai, the Claude API, and major cloud platforms. Developers can access it via claude-opus-4-6 through the API. Pricing remains unchanged at $5 per million input tokens and $25 per million output tokens, with premium pricing of $10/$37.50 for prompts exceeding 200,000 tokens using the 1 million token context window.
For users who find Opus 4.6 “overthinking” simpler tasks — a characteristic Anthropic acknowledges can add cost and latency — the company recommends adjusting the effort parameter from its default high setting to medium.
The recommendation captures something essential about where the AI industry now stands. These models have grown so capable that their creators must now teach customers how to make them think less. Whether that represents a breakthrough or a warning sign depends entirely on which side of the disruption you’re standing on — and whether you remembered to sell your software stocks before Tuesday.
Cauldron Ferm has an unlikely origin story, as startups go. Its core technology can be traced back to the 1960s, or maybe the 1970s. The exact start is a bit hazy, actually. What is known is that David and Polly McLennan had a dream of feeding the world using protein grown from microbes.
The pair knew they needed to improve the process, which was pricy and time consuming. Most fermentation happens in batches. Picture a brewery or a vineyard. Ingredients go in and the microbes work for a while, but then the process stops when it’s time to take out the finished product. It works for alcohol because booze commands a premium price. Food, though? That needs to be cheaper.
Still, the McLennans stuck with it, starting a small business that would over the course of 40 years refine their approach to continuous fermentation, which turns microbes into assembly lines capable of cranking out products uninterrupted.
“We didn’t know what we had,” Michele Stansfied, co-founder and CEO of Cauldron Ferm, told TechCrunch. But eventually, Stansfield who arrived at the McLennans’ company in 2012, realized they had more than initially thought.
Advertisement
“We didn’t understand the challenge of continuous fermentation for synthetic biology,” Stansfield said. But when she did, she sought to transform the company from a small fee-for-service operators to a fast-moving startup. “At that point, I raised a seed round and acquired the IP, physical, and business assets.”
Cauldron has now raised $13.25 million in a Series A2 round that was led by Main Sequence Ventures with participation from Horizons Ventures, NGS Super, and SOSV, the company exclusively told TechCrunch. It had previously raised $6.5 million in 2024. Cauldron plans to use the funding to “increase the technology moat,” Stansfield said.
The company calls it’s technology “hyper fermentation,” which helps keep microbes in their maximally productive state. It can work in existing batch fermenters with a few modifications to the facility to accommodate the process. Cauldron’s customers bring their own microbes and strains, and the startup works to tweak their growing conditions, including nutrients, to keep them humming.
Techcrunch event
Advertisement
San Francisco, CA | October 13-15, 2026
Currently, Cauldron is focused on producing fats and proteins, including whey protein, “a product that can just slip into supply chains,” Stansfield said, though she adds there are more products the company has its eyes on.
Advertisement
“Sixty percent of all inputs to global economy can be produced from biology,” she said. “Food was where we started, but now we’re starting to really diversify.”
Jurors did not say whether the holdout relates to Meta or YouTube, but Kuhl told them to keep deliberating and warned that if they cannot reach a verdict, that part of the case will have to be retried before a new jury. Read Entire Article Source link
The Dutch Ministry of Finance confirmed on Monday that some of its systems were breached in a cyberattack detected last week.
Officials said the ministry was notified by a third party of the breach on March 19, and it’s still investigating the cyberattack. An ongoing investigation found that the incident affects some employees.
“The Ministry of Finance’s ICT security detected unauthorized access to systems for a number of primary processes within the policy department on Thursday, March 19,” an official statement revealed.
“Following the alert, an immediate investigation was launched, and access to these systems has been blocked as of today. This affects the work of a portion of the employees.”
Advertisement
The ministry added that the cyberattack did not impact systems used to manage tax collection, import/export regulations, and income-linked subsidies, which handle over 9.5 million tax returns annually for income tax alone.
“Services to citizens and businesses provided by the Tax and Customs Administration, Customs, and Benefits have not been affected. We will update this message when we can share more information.”
Although the ministry said the breach affected some of its employees, it didn’t disclose how many were affected or whether the attackers stole any sensitive data. Also, no cybercrime group or threat actors have taken responsibility for the attack.
BleepingComputer reached out to a Ministry of Finance spokesperson with questions about the incident, including the total number of impacted employees and how long the attackers had access to the compromised systems, but a response was not immediately available.
Advertisement
In September 2024, the Dutch national police (Politie) was also breached in a cyberattack believed to be orchestrated by a “state actor” that stole work-related contact details of multiple police officers.
More recently, in February, Dutch authorities arrested a 40-year-old man for an extortion attempt after he downloaded confidential documents mistakenly shared by the police and refused to delete them unless he received “something in return.”
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
Some people love fiddling with their 3D printers, others love printing. Some fiddle so they can spend more time printing, which is probably where this latest project comes in: an automated pressure advance calibration tool by [markniu].
Most of us don’t take enough care with pressure advance (PA). But if you want absolutely perfect prints, its something you should be calibrating for every type filament in your collection. Some would argue, ideally every individual spool. While that sort of dialing in can be fun, it takes away from actually running off prints. Bambu printers automate PA by scanning the usual sort of calibration print, but that’s still a very indirect measurement. Why not, just advance the filament, and measure the pressure at the nozzle directly? That is what PA is meant to account for, after all: the pressure of the plastic in the hotend causing oozing and blobbing at corners.
Did we mention it connects via USB-C? That’s helpfully broken out well away from the heat with a ribbon cable.
[mark]’s solution comes very close to a direct measurement. It uses a strain gauge that sits directly on top of the heatbreak, with the sound logic that the strain there experienced will be directly proportional to the pressure inside, at least along the axis of flow. Instead of filling half the bed with lines, the calibration process instead is a ‘printer poop’ style extrusion that doesn’t take nearly as long, and seems to save plastic, too. Since this puts a strain gauge in your hotend, you also get the bonus of being able to use it for bed leveling if you should so desire.
[mark] is claiming sub-90 second calibration — as you can see in the demo video embedded below — versus over seven minutes for the indirect calibration print. The value is plugged directly into Klipper, assuming you configured everything correctly, which should be easy enough looking at the instructions on the GitHub.
BrianFagioli writes: Canonical has joined the Rust Foundation as a Gold Member, signaling a deeper investment in the Rust programming language and its role in modern infrastructure. The company already maintains an up-to-date Rust toolchain for Ubuntu and has begun integrating Rust into parts of its stack, citing memory safety and reliability as key drivers. By joining at a higher tier, Canonical is not just adopting Rust but also stepping closer to its governance and long-term direction.
The move also highlights ongoing tensions in Rust’s ecosystem. While Rust can reduce entire classes of bugs, it often depends heavily on external crates, which can introduce complexity and auditing challenges, especially in enterprise environments. Canonical appears aware of that tradeoff and is positioning itself to influence how the ecosystem evolves, as Rust continues to gain traction across Linux and beyond. “As the publisher of Ubuntu, we understand the critical role systems software plays in modern infrastructure, and we see Rust as one of the most important tools for building it securely and reliably. Joining the Rust Foundation at the Gold level allows us to engage more directly in language and ecosystem governance, while continuing to improve the developer experience for Rust on Ubuntu,” said Jon Seager, VP Engineering at Canonical. “Of particular interest to Canonical is the security story behind the Rust package registry, crates.io, and minimizing the number of potentially unknown dependencies required to implement core concerns such as async support, HTTP handling, and cryptography — especially in regulated environments.”
In a CNN interview in which he was asked about Apple’s upcoming 50th anniversary and how the company has shaped the tech industry, Wozniak was asked what excites and scares him about AI. Read Entire Article Source link
The internet has been rightfully enjoying videos from the defamation trial against Afroman, a musician known for his humorous songs including “Because I got high.” The lawsuit involves songs he wrote about a 2022 raid police conducted on his house, which was based on flimsy evidence. The songs justifiably mock the officers involved. Mike Masnick wrote a recap of the case here, which is worth reading for many reasons, but the songs and Afroman’s testimony are true highlights.
After the raid, Afroman released his songs on YouTube and they went viral initially on TikTok, both massive platforms for users to share their speech and that of other users. The officers who raided his home, seeking to silence someone making fun of them, sued Afroman for defamation, emotional distress, and other causes in 2023.
Spoiler: Afroman won. The songs are not defamatory. But we didn’t know that for sure until a jury told us so this week. For three years, from the moment the lawsuit was filed until the jury issued its verdict, the songs were allegedly defamatory. And their continued “publication” ran the risk of liability.
So why could we still see the songs on YouTube, TikTok, Bluesky, and whatever other online platforms where we first encountered them? One big reason is Section 230 of the Communications Decency Act.
Advertisement
Section 230 says that interactive computer service providers, like online platforms, cannot be treated as the publisher or speaker of information content provided by other information content providers. That means that YouTube could not be liable for the content of Afroman’s songs, even if they were defamatory. That’s the balance Section 230 strikes. Under 230, there is still accountability for the speaker, but online platforms are not liable for their users’ illegal speech.
On March 18, Daphne Keller, a professor of law at Stanford and expert in intermediary liability laws around the world, testified before the Senate Commerce Committee. She tried to explain to the Senators that Section 230 may not be perfect, but it’s still better than any of the options she has seen. To understand why Daphne’s right, let’s think about what Afroman’s case might have looked like without Section 230. The moment Afroman was allowed to distribute his songs about the raid on YouTube, the company could have been liable for any potentially illegal speech they contained. That means YouTube probably also would have been a co-defendant in the cops’ suit. At the scale many online platforms operate at, these kinds of accusations of defamation and lawsuits related to user posts would happen hundreds of thousands, if not millions, of times a day.
That’s a lot of litigation.
Advertisement
Staring down the barrel of that many potential lawsuits every day, no reasonable platform would have allowed Afroman’s speech to stay up. The moment an accusation of illegality surfaced, a platform acting reasonably would likely take the speech down. And to be clear, we have evidence that this is how they would react: That’s the incentive structure currently in place under the Digital Millenium Copyright Act (DMCA). The DMCA creates a notice and takedown system for alleged copyright violations and evidence suggests that impropertakedown requests are common and, even with the safeguards for speech built into that law, result in over-censorship. Replicating a version of the DMCA for all content on the internet writ large would likely produce the same overcensorship result. At a minimum, the platforms certainly wouldn’t allow their algorithms to recommend posts linking to the defamatory songs, effectively “shadowbanning” them, which is probably one of the main ways many people came across the songs to begin with.
The upshot is: Section 230 created the conditions that allowed us to hear Afroman’s songs, and allowed platforms to recommend them, even while their status was in legal limbo.
There are millions of similar situations, large and small, every day where Section 230 ensures that online platforms do not have to try to make context-specific legal judgment calls. Section 230 may not be perfect. No law is. But it’s the best and most effective protection for free expression online we have, allowing online services to simply let their users speak. Congress should be very cautious about changing it, let alone eliminating it altogether.
Kate Ruane is the Director of the Free Expression Program and the Center for Democracy & Technology, where she advocates for the protection of free speech and human rights in the digital age.
Facilities for recycling these types of plastic exist, but getting waste to these locations clean and free of what some call “wishful recycling” items (compostable cups, plastic utensils) is such a challenge that the majority of soft plastics, even the bags recycled at the front of grocery stores, end up in the trash. The SPC is what Arbouzov calls a “pre-recycling device,” designed to simplify this stream and deliver plastic that’s contained, traceable, and more likely to make it through the system.
I tried to envision how the blocks would turn into patio furniture, as advertised, but didn’t learn exactly how until months later, when Arbouzov sent me a video of the blocks at their final destination—a facility in Frankfort, Indiana, that specializes in processing polyethylene and polypropylene films. The blocks get shredded into crumbles resembling, at least on video, handfuls of wet newspaper, which are then compressed into composite decking, chairs, garden edging, and more.
Courtesy of Clear Drop
Advertisement
Courtesy of Clear Drop
“The full cycle from mailing a block to it entering recycling processing typically takes a few weeks,” Arbouzov said, “depending on shipping time and batching schedules.” Right now, the Frankfort location is the only facility processing the blocks, but Arbouzov said he hopes this is only temporary.
“Our goal is to shift more of this processing closer to where the material is generated, so blocks can move in bulk through regional recycling infrastructure rather than through mail-based logistics,” he said. “The mail-back system is essentially a bridge that allows the material to be captured today while that larger infrastructure develops.”
Recycling, Rewired
I found that my household of three was able to produce a block every couple of weeks, which quickly outpaced the provided supply of mailers. As the blocks started piling up on the floor of my office, I found myself wishing the SPC made something useful for consumers. Spoons, straws, 3D-printing filament … anything that could be used at home.
Advertisement
However, a 2023 Greenpeace report found that recycling plastic can actually make it even more toxic than it already is—heating it can not only cause existing chemicals to escape into the air and water supply, but even create new ones, like benzene. Would I want this in my house? Does recycled plastic actually belong in a circular economy? I asked Arbouzov what he thought.
Plenty of old handhelds spend their retirement gathering dust in a box somewhere, and this Game Boy Advance was no exception. Abandoned, completely dead, and sporting a screen that had burned out from years of neglect, it was not an obvious candidate for a comeback. Odd Tinkering took it apart piece by piece anyway, worked through every problem methodically, and brought it back to life with a handful of modern upgrades that breathe new life into the hardware without losing any of what made it special in the first place.
From the start it was completely dead, just a dark screen and no response when you tried to power it on. Some thorough cleaning got the electricity flowing again, and original Game Boy and Game Boy Color titles loaded up without complaint. GBA games were a different story though, refusing to run no matter what. The small mode detection switch inside the cartridge slot got a good wipe, which seemed like it should have done the trick, but the games still wouldn’t cooperate. The real culprit turned out to be oxidation sitting on the pins of the main chip. One more cleaning session and the problem disappeared entirely, with the system reading every cartridge thrown at it without a single issue.
The screen was in rough shape, covered in dark blotches from years of burn in. New polarizing film cleared that up, though the display was still noticeably dim by modern standards, so an IPS panel went in next and solved the brightness issue immediately. Colors are vivid and the viewing angles are excellent, exactly what you want from a handheld you are actually going to use. The upgraded screen meant the original shell no longer fit, so the team scanned it with a 3D scanner and printed a new one in resin, a deep blue that nods to the classic aesthetic while hiding the modern hardware inside. The fit is perfect, with no gaps or wobble anywhere.
The toolkit was refreshingly basic, a set of screwdrivers for disassembly, a soldering iron and desoldering tool for any stubborn connections, and hydrogen peroxide with UV light to lift the yellowing from the plastic. No specialty equipment, no secret techniques, just a clean and methodical process from the first screw to the last.
The Tycoon2FA phishing-as-a-service (PhaaS) platform that Europol and partners disrupted on March 4 has already returned to previously observed activity levels.
Microsoft led the technical disruption, which involved seizing 330 domains part of Tycoon2FA’s backbone infrastructure that included control panels and phishing pages used in attacks.
However, the disruption caused by the law enforcement was short-lived, as CrowdStrike noticed the cybercrime service return to normal operational volumes within days.
“Falcon Complete observed a short-term decrease in the volume of Tycoon2FA campaign activity following the takedown, with daily volumes on March 4 and March 5, 2026, reducing to 25% of pre-disruption levels,” reads CrowdStrike’s report.
Advertisement
“However, this volume subsequently returned to pre-disruption levels, with daily levels of cloud compromise active remediations returning to early 2026 levels.”
First documented by Sekoia roughly two years ago, Tycoon2FA appeared online as a PhaaS platform dedicated to targeting Microsoft 365 and Gmail accounts, featuring adversary-in-the-middle mechanisms that enable bypassing two-factor authentication (2FA) protections.
A month later, Trustwave reported that Tycoon2FA’s operators were actively improving the platform, adding new, advanced features, and enticing more cybercriminals to purchase access.
Tycoon2FA is a significant actor on the phishing scene, with Microsoft reporting that it generated 30 million phishing emails per month, accounting for 62% of all emails blocked by the tech giant.
Advertisement
According to CrowdStrike, Tycoon2FA is back in business using largely unchanged techniques, tactics, and procedures (TTPs), and supported a diverse set of illegal activities, like business email compromise (BEC), email thread hijacking, cloud account takeovers, and malicious SharePoint links.
After the disruption action, Tycoon2FA has been used in malicious email campaigns that relied on malicious URLs and shortener services, legitimate platforms such as presentation tools, where redirection mechanisms are abused, and also compromised domains.
AI-generated decoy web pages used in Tycoon2FA attacks Source: CrowdStrike
Interestingly, some of the old infrastructure remained active, indicating that the disruption was incomplete, while new phishing domains and IP addresses were registered quickly following the law enforcement operation.
Regarding the observed post-compromise activity, this includes the creation of inbox rules, hidden folders for fraud emails, and preparation for BEC operations.
Ultimately, CrowdStrike comments that, without arrests or physical seizures, it’s easy for cybercriminals to recover and replace the impacted infrastructure. As long as the demand from the phishing ecosystem is high, the motive for PhaaS platform operators remains unchanged.
Advertisement
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
You must be logged in to post a comment Login