A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.

The phishing-as-a-service toolkit leverages legitimate authentication to capture tokens and access Microsoft 365 services.

Come along with me on a journey as we delve into the swirling, echoing madness of identity attacks. Today, I present a case study on how different implementations of OAuth 2.0, the core authentication ...

Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and ...

Proofpoint reports phishing surge abusing Microsoft OAuth 2.0 device code flow Victims enter codes on real Microsoft domains, granting attackers access tokens Proofpoint advises blocking device code ...

Just as we think we’re getting one step ahead of cybercriminals, they find a new way to evade our defenses. The latest method causing trouble for security teams is that of device code phishing, a ...

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more ...

Two-factor authentication is one of the most effective ways to keep your accounts safe, but it also means that if you ever lose your phone and don’t have access to a backup code, you won’t be able to ...

OneSpan's new line of hardware authentication products, Digipass CX1 and Digipass CX2, promises a cloud-connected solution to identity verification. But what makes the devices better than just ...

Two-factor authentication is a security measure that makes you pass two security tests before gaining access to your account or device. As hackers and hacking systems become more advanced, experts say ...