A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks.

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. In this type of attack, the threat actor sends a ...

The FBI warned that Kali365 can hijack Microsoft 365 accounts by abusing device code authentication and capturing OAuth tokens.

Microsoft’s latest email threat report shows a 146% rise in QR code phishing attacks in Q1 2026, as attackers adapt to bypass enterprise defenses. The shift exploits mobile devices to evade ...

The Federal Bureau of Investigation has issued a warning about a growing cyber threat that turns everyday QR codes into spying tools. According to the bureau, a North Korean government-sponsored ...

Microsoft 365 is under attack, China and Russia afflited hackers suspected. Updated December 23 with advice from a mobile security solutions expert regarding the Russian device code attacks targeting ...

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...

Microsoft flagged 8.3 billion phishing emails as attackers turned to QR codes, fake CAPTCHAs, PhaaS kits, and file-based payloads. Microsoft flagged 8.3 billion phishing emails in just three months.

In the wake of a major takedown of phishing's biggest brand name, Tycoon 2FA, phishers worldwide have scattered. Some have stuck around, but many have moved to other phishing service providers, and ...

Instead of stealing passwords, attackers trick users into granting access themselves — using real login systems and AI-driven deception. Why does it matter? This marks a shift from stealing passwords ...

Microsoft’s latest Email Threat Landscape report shows a 146% rise in QR code phishing in Q1 2026, with attackers increasingly embedding malicious codes directly into emails to evade security tools.