WinBuzzer

Microsoft 365 Phishing Surge: Attackers Weaponize Legitimate Device Code Flow to Bypass MFA

Cybercriminals have launched a widespread phishing campaign exploiting Microsoft's OAuth device code flow to bypass MFA and ...

2FA Code Attacks Surge As Russian Hackers Target Microsoft Users

Hackers thought to be aligned with China and Russia are suspected to be behind a wave of account takeover attacks targeting Microsoft 365 users.

Microsoft 365 accounts targeted in wave of OAuth phishing attacks

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism.
Bleeping Computer

OAuth Device Code Phishing: Azure vs. Google Compared

Come along with me on a journey as we delve into the swirling, echoing madness of identity attacks. Today, I present a case study on how different implementations of OAuth 2.0, the core authentication ...
Ars Technica

Why MFA is getting easier to bypass and what to do about it

An entire cottage industry has formed around phishing attacks that bypass some of the most common forms of multifactor authentication (MFA) and allow even non-technical users to quickly create sites ...
Dark Reading

Beware of Device Code Phishing

Device codes are alphanumeric or numeric codes employed for authenticating an account on a device that does not have a standard login interface, such as a browser or input-limited devices, where it is ...
ZAWYA

Kaspersky detected a fivefold surge in QR code phishing attacks in the second half of 2025

Example of a PDF attachment with a QR code. Malicious QR codes commonly appear in mass phishing campaigns as well as targeted ...