Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more ...

A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft ...

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.

EvilTokens, a newly identified phishing-as-a-service operation, is offering cybercriminals a ready-made way to hijack Microsoft accounts by abusing a legitimate sign-in process rather than stealing ...

Device codes are alphanumeric or numeric codes employed for authenticating an account on a device that does not have a standard login interface, such as a browser or input-limited devices, where it is ...