winbuzzer.com

Microsoft 365 Phishing Surge: Attackers Weaponize Legitimate Device Code Flow to Bypass MFA

Cybercriminals are launching a widespread wave of phishing attacks that bypass Multi-Factor Authentication (MFA) by exploiting a standard Microsoft 365 feature. Security researchers at Proofpoint warn ...
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
Windows Report

Beware! Hackers Are Exploiting OAuth Device Code to Scam Microsoft 365 Users

Hackers are abusing a legitimate Microsoft authentication feature to break into enterprise Microsoft 365 accounts, even when multifactor authentication is enabled. Security researchers warn that ...
Bleeping Computer

Microsoft 365 accounts targeted in wave of OAuth phishing attacks

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. Attackers trick victims into entering a device code on ...
Forbes

Shut Down And Restart—New Microsoft Attack Beats Passwords, 2FA And Passkeys

Forbes contributors publish independent expert analyses and insights. Zak Doffman writes about security, surveillance and privacy. There are some attacks that should never get through. Period. It ...
Morningstar

Push Security Uncovers “ConsentFix”: A New Class of Browser-Native Phishing Attack

BLACK HAT, EUROPE — (Booth #305) — Push Security, a leader in browser-based detection and response, today announced the discovery of a new class of phishing attack that enables Microsoft account ...
Cloud Security Alliance

Microsoft Entra ID Vulnerability: The Discovery That Shook Identity Security

In July 2025, the cybersecurity world was rocked by security researcher Dirk-jan Mollema’s unveiling of a catastrophic vulnerability within Microsoft Entra ID. This was no ordinary flaw; it was a ...
Bleeping Computer

OAuth Device Code Phishing: Azure vs. Google Compared

Come along with me on a journey as we delve into the swirling, echoing madness of identity attacks. Today, I present a case study on how different implementations of OAuth 2.0, the core authentication ...
Marine Link

Safeguarding Security on Nuclear-Powered Ships

No civilian maritime nuclear facilities have been commissioned in over four decades, but there’s been three major reports released this month on their future potential. DNV’s latest report, Maritime ...
Ars Technica

Hackers can steal 2FA codes and private messages from Android phones

Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, and other private data in less than 30 ...
GCN

How to prepare for Microsoft mandatory MFA enforcement

Time’s running out! Microsoft mandatory MFA enforcement is bulldozing its way into organizations across the globe, and the October 2025 deadline cannot be compromised. The thing is, unlike in earlier ...