Device code phishing attacks surge 37x as new kits spread online

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more ...
Hosted on MSN

State actors are abusing OAuth device codes to get full M365 account access - here's what we know

Proofpoint reports phishing surge abusing Microsoft OAuth 2.0 device code flow Victims enter codes on real Microsoft domains, granting attackers access tokens Proofpoint advises blocking device code ...
Android Authority

Find My Device may soon let you find your Pixel phone even when it's off

Find My Device helps you locate your lost Android device or accessory. At the moment, it requires the device to be online and powered on to report its location. This caveat could go away soon, though, ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
Forbes

Lost With Android Find My Device? You’re Not Alone

A few weeks ago, I received two new tracking devices from a popular brand to try out with Google’s new Android Find My Device network. I activated and synchronized both pieces – a keychain tag and a ...