Overlooked attack method used since last August in a rash of account takeovers. Well, this sucks. But the target list makes sense, from the perspective of an enemy attacking. Ed: trying to be sure the ...

Device code phishing is not new, with multiple threat actors having used this method to breach accounts in the past. In February 2025, the Microsoft Threat Intelligence Center warned that Russian ...

Microsoft's headquarters in Redmond, Washington, on July 3, 2024. The tech giant is leaning on its channel partners to accelerate enterprise AI adoption. This story was originally published on ...

Security researchers warn that threat groups are exploiting Microsoft's OAuth device code authentication to bypass multi-factor protection and hijack enterprise accounts. The technique, with ...

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access. Another device code phishing campaign that abuses OAuth ...

Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive ...

Starkiller phishing suite uses live reverse proxying to bypass MFA, while attackers abuse OAuth device codes to hijack Microsoft 365 accounts.

The Federal Bureau of Investigation has issued a warning about a growing cyber threat that turns everyday QR codes into spying tools. According to the bureau, a North Korean government-sponsored ...