Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

After you enter the code and authenticate, the device is automatically linked to your account without ever handling your password directly. To conduct a device-code phishing attack, threat actors need ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...