Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the device code authentication flow to compromise organizational accounts at scale. While traditional device ...

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit ...

Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, ...

Close-up on a woman controlling the temperature of her smart home using a mobile app on a digital tablet - Andresr/Getty Images Smart home devices are supposed to make residences more efficient, ...

Hackers are hijacking Microsoft enterprise accounts by abusing a legitimate device-code authentication feature, tricking victims into entering attacker-generated codes on Microsoft’s own login portal.

Image: Bleeping Computer. https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-entra-accounts-in-device-code-vishing-attacks/ Hackers have launched ...

Once the user signs in, the device is able to get access tokens and refresh tokens as needed." This authentication flow is similar to what you see when logging into a streaming service, such as ...

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access. Another device code phishing campaign that abuses OAuth ...

Cybercriminals are launching a widespread wave of phishing attacks that bypass Multi-Factor Authentication (MFA) by exploiting a standard Microsoft 365 feature. Security researchers at Proofpoint warn ...

Hackers are abusing a legitimate Microsoft authentication feature to break into enterprise Microsoft 365 accounts, even when multifactor authentication is enabled. Security researchers warn that ...