The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and ...
Yahoo

One Million Two-Factor Authentication Codes Were Recently Exposed

One-time SMS codes are widely used as the second checkpoint in two-factor authentication (2FA) to sign into everything from banking apps to email accounts. As I've written before, though, SMS is one ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
CSO Online

EvilTokens abuses Microsoft device code flow for account takeovers

The phishing-as-a-service toolkit leverages legitimate authentication to capture tokens and access Microsoft 365 services.
Hosted on MSN

State actors are abusing OAuth device codes to get full M365 account access - here's what we know

Proofpoint reports phishing surge abusing Microsoft OAuth 2.0 device code flow Victims enter codes on real Microsoft domains, granting attackers access tokens Proofpoint advises blocking device code ...
Tidbits

Reacting to Unsolicited Two-Factor Authentication Codes

I have long encouraged the use of two-factor authentication (2FA) or two-step verification (2SV) with online accounts whenever possible (for more about the difference, see “Two-Factor Authentication, ...
Forbes

How Scammers Are Using Two-Factor Authentication To Commit Fraud

Two-factor authentication (2FA) is a method that allows users to gain access to their accounts and devices by presenting two separate and distinct forms of identification. A common form of second ...
Hosted on MSN

The growing threat of device code phishing and how to defend against It

Just as we think we’re getting one step ahead of cybercriminals, they find a new way to evade our defenses. The latest method causing trouble for security teams is that of device code phishing, a ...

Microsoft 365 Under Siege: Phishing Campaign Bypasses MFA Across 5 Countries

A global phishing campaign targeting Microsoft 365 bypasses security codes using a legitimate login feature, impacting ...
Field Technologies Online

BlueFletch Pioneers Integration With Microsoft's QR Code + PIN Authentication For Frontline Workers

BlueFletch leads the way in enhancing security and efficiency for frontline workers with a seamless, cost-effective solution for shared Android devices. BlueFletch, a leading provider of secure ...
Android Police

Fight me: Google's new QR code authentication should be the standard

Jon has been an author at Android Police since 2021. He primarily writes features and editorials covering the latest Android news, but occasionally reviews hardware and Android apps. His favorite ...
TechCrunch

WhatsApp now allows businesses to send authentication codes to users in India

WhatsApp now allows businesses to send authentication and login codes through its API to users in India. The company confirmed that it enabled this functionality in India starting July 1. Meta ...