ANY.RUN’s analysts are observing a sharp increase in phishing activity abusing Microsoft’s OAuth Device Code flow, with more than 180 phishing URLs detected in just one week. This technique represents a shift from credential phishing to token-based account takeover, making detection significantly harder for many SOC teams.

Key Takeaways

- OAuth Device Code phishing is rising rapidly. Campaigns abu...
OAuth Device Code Phishing: A New Microsoft 365 Account Breach Vector | Huntaegis