CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...

New scam targets Microsoft users, FBI warns. Here's how to protect yourself

This phishing scam doesn't rely on a fake website. Instead, it tricks users into approving access themselves.
Bleeping Computer

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. Despite an international law enforcement operation ...
Infosecurity-magazine.com

Russian Hackers Target Microsoft 365 Accounts with Device Code Phishing

Multiple Russian nation-state actors are targeting sensitive Microsoft 365 accounts via device code authentication phishing, a new analysis by Volexity has revealed. The firm first observed this ...
Memeburn

FBI Warns Microsoft Users as Kali365 Attack Spreads Across Outlook and Teams

The FBI warns Microsoft 365 users about Kali365 phishing attacks that bypass MFA and steal Outlook, Teams, and OneDrive ...
Bleeping Computer

Microsoft 365 accounts targeted in wave of OAuth phishing attacks

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. Attackers trick victims into entering a device code on ...

FBI Warns: ‘Kali365’ Phishing Service Targets Microsoft 365 Accounts

The FBI warned that Kali365 can hijack Microsoft 365 accounts by abusing device code authentication and capturing OAuth tokens.
Tech Digest

Microsoft 365 users targeted in sophisticated ‘vishing’ attack

Image: Bleeping Computer. https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-entra-accounts-in-device-code-vishing-attacks/ Hackers have launched ...