Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

Once the user signs in, the device is able to get access tokens and refresh tokens as needed." This authentication flow is similar to what you see when logging into a streaming service, such as ...
Infosecurity-magazine.com

Russian Hackers Target Microsoft 365 Accounts with Device Code Phishing

Multiple Russian nation-state actors are targeting sensitive Microsoft 365 accounts via device code authentication phishing, a new analysis by Volexity has revealed. The firm first observed this ...
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
Hosted on MSN

The growing threat of device code phishing and how to defend against It

Just as we think we’re getting one step ahead of cybercriminals, they find a new way to evade our defenses. The latest method causing trouble for security teams is that of device code phishing, a ...