Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...
Bitdefender

FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts — no password required

Surely your Microsoft 365 accounts are safe now? Well, think again. The FBI has issued an advisory warning about a ...
Yahoo Finance

Phishing campaign targets Microsoft device-code authentication flows

The above button links to Coinbase. Yahoo Finance is not a broker-dealer or investment adviser and does not offer securities or cryptocurrencies for sale or facilitate trading. Coinbase pays us for ...
Cyber Daily

Australian Signals Directorate warns of device code phishing activity targeting Microsoft 365 users

Aussie victims are being tricked into giving malicious actors access to their Microsoft 365 environments with the help of AI ...
CSO Online

Security experts caution MFA alone can no longer stop threat actors

Current campaigns are allowing even novice attackers to scoop up authentication tokens with increasing frequency, bypassing ...
Hosted on MSN

State actors are abusing OAuth device codes to get full M365 account access - here's what we know

Proofpoint reports phishing surge abusing Microsoft OAuth 2.0 device code flow Victims enter codes on real Microsoft domains, granting attackers access tokens Proofpoint advises blocking device code ...
Forbes

Microsoft Confirms New And Widespread 2FA Code Attacks Ongoing

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...