ANY.RUN’s analysts are observing a sharp increase in phishing activity abusing Microsoft’s OAuth Device Code flow, with more than 180 phishing URLs detected in just one week.
This technique represents a shift from credential phishing to token-based account takeover, making detection significantly harder for many SOC teams.
Key Takeaways
- OAuth Device Code phishing is rising rapidly. Campaigns abu...
