WeLiveSecurity

EvilTokens: A phishing attack that doesn’t steal your password

A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing ...
Bleeping Computer

New EvilTokens service fuels Microsoft device code phishing attacks

A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks.
Bleeping Computer

Device code phishing attacks surge 37x as new kits spread online

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. In this type of attack, the threat actor sends a ...
RaillyNews

Next-Gen Phishing Attacks Don’t Need Passwords

Discover how next-generation phishing attacks bypass passwords, emphasizing the need for advanced security measures to protect your digital assets.
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
Fox News

FBI warns QR code phishing used in North Korean cyber spying

The Federal Bureau of Investigation has issued a warning about a growing cyber threat that turns everyday QR codes into spying tools. According to the bureau, a North Korean government-sponsored ...
The Journal

AI-Driven Campaign Compromises Accounts More Effectively than Traditional Phishing Attacks

Instead of stealing passwords, attackers trick users into granting access themselves — using real login systems and AI-driven deception. Why does it matter? This marks a shift from stealing passwords ...