Microsoft flagged 8.3 billion phishing emails as attackers turned to QR codes, fake CAPTCHAs, PhaaS kits, and file-based ...

A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks.

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. In this type of attack, the threat actor sends a ...

Microsoft noted a marked increase in QR-code attacks and CAPTCHA delivery methods.

The Federal Bureau of Investigation has issued a warning about a growing cyber threat that turns everyday QR codes into spying tools. According to the bureau, a North Korean government-sponsored ...

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...

Microsoft 365 is under attack, China and Russia afflited hackers suspected. Updated December 23 with advice from a mobile security solutions expert regarding the Russian device code attacks targeting ...

LONDON--(BUSINESS WIRE)--BLACK HAT, EUROPE — (Booth #305) — Push Security, a leader in browser-based detection and response, today announced the discovery of a new class of phishing attack that ...

The Microsoft Defender Security Research Team has confirmed that a pervasive new authentication code attack is compromising ...

Instead of stealing passwords, attackers trick users into granting access themselves — using real login systems and AI-driven deception. Why does it matter? This marks a shift from stealing passwords ...

AI-fueled attacks can transform an innocuous webpage into a customed phishing page. The attacks, revealed in a research from Palo Alto Networks’ Unit 42, are clever in how they combine various ...