Hundreds of orgs compromised daily in Microsoft device code phishing attacks

Hundreds of organizations have been compromised daily by a Microsoft device-code phishing campaign that uses AI and ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
CSO Online

EvilTokens abuses Microsoft device code flow for account takeovers

The phishing-as-a-service toolkit leverages legitimate authentication to capture tokens and access Microsoft 365 services.
Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

After you enter the code and authenticate, the device is automatically linked to your account without ever handling your password directly. To conduct a device-code phishing attack, threat actors need ...