Board: Wallet software
Topic: Re: 24 word seed question : is splitting it in half dangerous?
by elliptic joe on 08/04/2024, 14:17:23 UTC
The chances that hackers can brute force the whole seed phrase from just twelve seed phrase is possible with powerful computational algorithmic tools, very possible tools like btcrecover can be able to do it with high computational power.
No, it isn't.

A 24 word BIP39 phrase has 256 bits of entropy, with 8 bits of checksum. Depending on which 12 words the attacker knows, then, the remaining 12 words have either 132 bits or 124 bits of entropy. Both are still far outside the realms of possibilities, with the time taken to brute force measured in billions of years even with huge amounts of cloud computing dedicated to the task.


Yes, but if 2^132 is the initial searching space when someone knows the last 12 words of a 24-word phrase, you have to consider the fact that only 2^124 combinations generate the same known checksum.
In other words the brute-force attacker can immediately discard 2^8 combinations without deriving the addresses to check if they contain some tokens.
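The bit accounting discussed in this thread, as an added Python example (not part of the original posts and not btcrecover code). It works on 11-bit word indices instead of a wordlist; the function names, the constructed sample entropy and the guess rate of 1e12 per second are assumptions made for illustration.

```python
import hashlib

def encode(entropy: bytes) -> list[int]:
    """BIP39 encoding to 11-bit word indices (wordlist lookup omitted)."""
    ent = len(entropy) * 8
    cs = ent // 32  # checksum length: 4 bits for 12 words, 8 bits for 24
    digest = int.from_bytes(hashlib.sha256(entropy).digest(), "big")
    bits = (int.from_bytes(entropy, "big") << cs) | (digest >> (256 - cs))
    n = (ent + cs) // 11
    return [(bits >> (11 * (n - 1 - i))) & 0x7FF for i in range(n)]

def checksum_ok(indices: list[int]) -> bool:
    """True if the trailing checksum bits match SHA-256 of the entropy bits."""
    total = 11 * len(indices)
    cs = total // 33
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> cs).to_bytes((total - cs) // 8, "big")
    return encode(entropy) == list(indices)

def valid_candidate_bits(words: int, unknown: set[int]) -> tuple[int, int]:
    """Return (entropy bits to enumerate, log2 of checksum-valid candidates)."""
    total = 11 * words
    cs = total // 33
    unknown_bits = {11 * w + b for w in unknown for b in range(11)}
    unknown_cs = sum(1 for b in unknown_bits if b >= total - cs)
    enumerate_bits = len(unknown_bits) - unknown_cs  # unknown entropy bits
    # Every known checksum bit halves the number of surviving candidates.
    return enumerate_bits, enumerate_bits - (cs - unknown_cs)

def years_to_exhaust(bits: int, guesses_per_second: float) -> float:
    """Time to try 2**bits candidates at the given (assumed) rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

SAMPLE = encode(bytes(range(16)))  # constructed 12-word sample, not a real wallet

def survivors_last_word_unknown(indices: list[int]) -> int:
    """Small-scale check: try all 2048 last words, count checksum passes."""
    return sum(checksum_ok(indices[:-1] + [w]) for w in range(2048))

if __name__ == "__main__":
    print(valid_candidate_bits(24, set(range(12))))      # first 12 words unknown
    print(valid_candidate_bits(24, set(range(12, 24))))  # last 12 words unknown
    print(survivors_last_word_unknown(SAMPLE))
    print(f"{years_to_exhaust(124, 1e12):.2e} years at an assumed 1e12 guesses/s")
```

In both 24-word cases the number of checksum-valid candidates comes out at 2^124; when the known half carries the checksum, the 2^132 entropy values still each need one SHA-256 before the filter can reject them.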