ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, has recently observed a surge in phishing activity abusing Microsoft’s OAuth Device Code flow, with more than 180 phishing URLs detected in just one week.  By tricking victims into completing a legitimate Microsoft authentication step, attackers can obtain OAuth tokens and access corporate M365 environments […] The post New Alert: Hackers Hijack Corporate M365 Accounts with OAuth Device Codes   appeared first on Cyber Security News.