Microsoft Confirms New And Widespread 2FA Code Attacks Ongoing

The Microsoft Defender Security Research Team has confirmed that a pervasive new authentication code attack is compromising ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
Yahoo

One Million Two-Factor Authentication Codes Were Recently Exposed

One-time SMS codes are widely used as the second checkpoint in two-factor authentication (2FA) to sign into everything from banking apps to email accounts. As I've written before, though, SMS is one ...

Hundreds of orgs compromised daily in Microsoft device code phishing attacks

Hundreds of organizations have been compromised daily by a Microsoft device-code phishing campaign that uses AI and ...
CSO Online

EvilTokens abuses Microsoft device code flow for account takeovers

The phishing-as-a-service toolkit leverages legitimate authentication to capture tokens and access Microsoft 365 services.

Device code phishing attacks surge 37x as new kits spread online

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more ...
Tidbits

Reacting to Unsolicited Two-Factor Authentication Codes

I have long encouraged the use of two-factor authentication (2FA) or two-step verification (2SV) with online accounts whenever possible (for more about the difference, see “Two-Factor Authentication, ...
Android Police

Fight me: Google's new QR code authentication should be the standard

Jon has been an author at Android Police since 2021. He primarily writes features and editorials covering the latest Android news, but occasionally reviews hardware and Android apps. His favorite ...