A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit ...
The FBI warns about Kali365, a phishing scam targeting Microsoft 365 accounts that can bypass multifactor authentication ...
The FBI has issued a Public Service Announcement about a new scam stealing Outlook and Microsoft Teams accounts used by millions of Americans.
The FBI warned that Kali365 can hijack Microsoft 365 accounts by abusing device code authentication and capturing OAuth tokens. A new phishing service is turning a legitimate Microsoft login process ...
Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...