Ars Technica

Russian spies use device code phishing to hijack Microsoft accounts

Overlooked attack method used since last August in a rash of account takeovers. Well, this sucks. But the target list makes sense, from the perspective of an enemy attacking. Ed: trying to be sure the ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
Hosted on MSN

If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish

Digital thieves – quite possibly Kremlin-linked baddies – have been emailing out bogus Microsoft Teams meeting invites to trick victims in key government and business sectors into handing over their ...
AppleInsider

MacPaw introduces on-device phishing detection to boost macOS security

MacPaw's latest research introduces an on-device, real-time phishing detection system to improve Mac users' cybersecurity. Ivan Petrukha, Senior Research Engineer at MacPaw, will present research on ...
Al Bawaba

Kaspersky detected a fivefold surge in QR code phishing attacks in the second half of 2025

Kaspersky reports a spike in phishing emails containing malicious QR codes. Detections for these jumped from 46,969 in August ...