KnowBe4 Threat Labs has uncovered a sophisticated phishing campaign hitting North American businesses and professionals. Attackers are compromising Microsoft 365 accounts, including Outlook, Teams, and OneDrive, by exploiting the OAuth 2.0 Device Authorization Grant flow. This method sidesteps strong passwords and Multi-Factor Authentication (MFA), granting persistent access to corporate data. First spotted in December 2025, […] The post Threat Actors Target Microsoft 365 Accounts In OAuth Token Theft Operation appeared first on Cyber Security News.