Threat Intelligence 6 min read
OAuth Device Code Phishing: 340+ Microsoft 365 Organizations Compromised in Weeks
A massive OAuth device code phishing campaign has compromised more than 340 Microsoft 365 organizations across 5 countries. Attackers abuse Microsoft's legitimate device authorization flow to obtain persistent tokens that bypass MFA.