This article reports that a Europol-led international law enforcement operation successfully disrupted Tycoon2FA, a major phishing-as-a-service platform responsible for tens of millions of phishing messages monthly. The operation involved seizing 330 domains linked to the platform's infrastructure, including control panels and phishing pages, and was supported by private partners like Microsoft, Cloudflare, Coinbase, and others. Tycoon2FA, active since at least August 2023, targeted organizations worldwide—including those in Portugal—by bypassing multi-factor authentication (MFA) to compromise nearly 100,000 accounts across sectors such as government, healthcare, and education. The platform used sophisticated techniques like reverse proxy servers to intercept login credentials and session cookies, enabling attackers to hijack sessions and evade MFA protections. The disruption aims to reduce the threat posed by this widespread phishing operation.