Hackers Exploit OAuth Device Flow to Steal Microsoft 365 Tokens
This story is only covered by news sources that have yet to be evaluated by the independent media monitoring agencies we use to assess the quality and reliability of news outlets on our platform. Learn more here.11 Articles
11 Articles
IT Security News - cybersecurity, infosecurity news
cybernoz.comHackers Exploit OAuth Device Flow to Steal Microsoft 365 Tokens
Hackers are rapidly weaponizing a little-known Microsoft authentication feature to hijack enterprise accounts, as device code phishing surges across the threat landscape. The spike in activity is closely tied to the public release of criminal toolkits and phishing-as-a-service (PhaaS) platforms, making the once obscure technique widely accessible. New kits are appearing almost weekly, many seemingly […] The post Hackers Exploit OAuth Device Flow…
Tycoon 2FA Operators Adopt OAuth Device Code Phishing to Bypass MFA
Cybercriminals behind the Tycoon 2FA phishing kit have added a powerful new weapon to their playbook. By combining their well-known phishing infrastructure with OAuth Device Code abuse, they can now steal access to Microsoft 365 accounts without ever capturing a single password. The Tycoon 2FA phishing kit first gained attention as a Phishing-as-a-Service (PhaaS) platform. It was designed to help attackers bypass multi-factor authentication by r…
Coverage Details
Bias Distribution
- There is no tracked Bias information for the sources covering this story.
Factuality
To view factuality data please Upgrade to Premium
