Cybersecurity researchers have uncovered an active phishing campaign targeting corporate Microsoft 365 users by exploiting the OAuth 2.0 Device Authorization Grant flow. Instead of relying on traditional credential harvesting via fake login pages, this sophisticated attack tricks victims into authorizing an attacker-controlled device. This method leverages legitimate Microsoft authentication infrastructure, making the intrusion highly convincing […]
The post Microsoft 365 Users Targeted by Device Code Phishing Campaign Using OAuth 2.0 Flow appeared first on Cyber Security News.