The Hacker News

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

A Russia-aligned threat group uses Microsoft 365 device code phishing to steal credentials and take over accounts, tracked ...
Security Boulevard

Surge of OAuth Device Code Phishing Attacks Targets M365 Accounts

Financially motivated and nation-state threat groups are behind a surge in the use of device code phishing attacks that abuse Microsoft's legitimate OAuth 2.0 device authorization grant flow to trick ...
Infosecurity-magazine.com

Russian Hackers Target Microsoft 365 Accounts with Device Code Phishing

Multiple Russian nation-state actors are targeting sensitive Microsoft 365 accounts via device code authentication phishing, a new analysis by Volexity has revealed. The firm first observed this ...

State actors are abusing OAuth device codes to get full M365 account access - here's what we know

Proofpoint reports phishing surge abusing Microsoft OAuth 2.0 device code flowVictims enter codes on real Microsoft domains, ...