Just as we think we’re getting one step ahead of cybercriminals, they find a new way to evade our defenses. The latest method causing trouble for security teams is that of device code phishing, a ...

An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. The targets are in the ...

A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing ...

Researchers have uncovered a sustained and ongoing campaign by Russian spies that uses a clever phishing technique to hijack Microsoft 365 accounts belonging to a wide range of targets, researchers ...

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. Despite an international law enforcement operation ...

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...

Add Yahoo as a preferred source to see more of our stories on Google. A new cyber scam is targeting Microsoft 365, one of the most used productivity platforms, according to a report from the U.S.

In late May, the FBI warned U.S. residents of a new phishing scam, Kali365 targeting Microsoft 365 users. Here's how to ID, ...

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access. Another device code phishing campaign that abuses OAuth ...