Cybercriminals are abandoning traditional credential theft for a stealthier, devastating alternative OAuth device code phishing. By exploiting legitimate Microsoft 365 authorization flows, threat actors are bypassing multi-factor authentication to steal access tokens, hijack corporate emails, and launch severe ransomware attacks. What was once an obscure red-team tactic has exploded into a massive threat, supercharged by […]
The post Microsoft 365 Tokens Stolen Through OAuth Device Authorization Attacks appeared first on Cyber Security News.