OAuth Device Code Phishing: A New Microsoft 365 Account Breach Vector 

SecurityVendor
Yanac

ANY.RUN’s analysts are observing a sharp increase in phishing activity abusing Microsoft’s OAuth Device Code flow, with more than 180 phishing URLs detected in just one week. This technique represents a shift from credential phishing to token-based account takeover, making detection significantly harder for many SOC teams.  Key Takeaways  How the Attack Works  In this campaign, attackers abuse Microsoft’s device
The post OAuth Device Code Phishing: A New Microsoft 365 Account Breach Vector appeared first on ANY.RUN’s Cybersecurity Blog.ANY.RUN’s Cybersecurity BlogRead More