Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. The attacks target government and public-sector ...

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...

A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking ...

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Proofpoint reports phishing surge abusing Microsoft OAuth 2.0 device code flow Victims enter ...

A global phishing campaign targeting Microsoft 365 bypasses security codes using a legitimate login feature, impacting hundreds of organizations.

Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated ...

Christian Wenz explains why the Backends for Frontends (BFF) pattern is emerging as a more secure authentication model for single-page applications.