Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

In February 2025, the Microsoft Threat Intelligence Center warned that Russian hackers were targeting Microsoft 365 accounts using device code phishing. In December, ProofPoint reported similar ...