WinBuzzer

Microsoft 365 Phishing Surge: Attackers Weaponize Legitimate Device Code Flow to Bypass MFA

Cybercriminals have launched a widespread phishing campaign exploiting Microsoft's OAuth device code flow to bypass MFA and ...
The Hacker News

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

A Russia-aligned threat group uses Microsoft 365 device code phishing to steal credentials and take over accounts, tracked ...

State actors are abusing OAuth device codes to get full M365 account access - here's what we know

Cybercriminals, including state-sponsored threat actors, are increasingly abusing Microsoft’s OAuth 2.0 device code ...
Dark Reading

Beware of Device Code Phishing

Device codes are alphanumeric or numeric codes employed for authenticating an account on a device that does not have a standard login interface, such as a browser or input-limited devices, where it is ...

WhatsApp device linking abused in account hijacking attacks

Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign ...
Deccan Chronicle

Don’t Share OTPs, Codes With ‘Ghosts’

To protect themselves from the ghost attack, TGCSB director Shikha Goel asked people not to share OTP, PIN, CVV, or WhatsApp ...
Ars Technica

Russian spies use device code phishing to hijack Microsoft accounts

Overlooked attack method used since last August in a rash of account takeovers. Well, this sucks. But the target list makes sense, from the perspective of an enemy attacking. Ed: trying to be sure the ...
Cybernews

Hackers find a simple trick to access WhatsApp accounts: linking a new device

Hackers are tricking WhatsApp users into unknowingly entering a code that links the attacker's device to their account, ...