Cybercriminals, including state-sponsored threat actors, are increasingly abusing Microsoft’s OAuth 2.0 device code authentication flow to take over Microsoft 365 accounts.

A Russia-aligned threat group uses Microsoft 365 device code phishing to steal credentials and take over accounts, tracked ...

Financially motivated and nation-state threat groups are behind a surge in the use of device code phishing attacks that abuse Microsoft's legitimate OAuth 2.0 device authorization grant flow to trick ...

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat ...

I have long encouraged the use of two-factor authentication (2FA) or two-step verification (2SV) with online accounts whenever possible (for more about the difference, see “Two-Factor Authentication, ...

Update, Feb. 26, 2025: This story, originally published Feb. 23, now includes additional commentary regarding the potential security implications of the decision to deprecate SMS from the Gmail ...

A password alone will not protect sensitive information from hackers--two-factor authentication is also necessary. Here's what security pros and users need to know about two-factor authentication.

Jason Cipriani is based out of beautiful Colorado and has been covering mobile technology news and reviewing the latest gadgets for the last six years. His work can also be found on sister site CNET ...