Device codes are the new frontier for phishing as Barracuda detects 7 million attacks in four weeks

Device code phishing has advantages over traditional credential phishing in stealth, persistence and evasion. New research from Barracuda provides step-by-step ins ...
Information Age

Australian Microsoft users warned of code phishing threat

Australia’s national cybersecurity agency says users of Microsoft 365 software should be wary of a "growing threat" from ...
Ars Technica

Russian spies use device code phishing to hijack Microsoft accounts

Overlooked attack method used since last August in a rash of account takeovers. Well, this sucks. But the target list makes sense, from the perspective of an enemy attacking. Ed: trying to be sure the ...
Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

KnowBe4 recommends that Microsoft 365 account holders block the malicious domains and sender addresses, audit and revoke suspicious OAuth app consents, and review Azure AD sign-in logs for device code ...
Computerworld

New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access. Another device code phishing campaign that abuses OAuth ...