Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. In this type of attack, the threat actor sends a ...
A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks.
Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results