Live
Telegram Phishing Service ‘Forg365’ Exploits Microsoft’s Device Code Flow to Steal Sessions·MSFT +0.1%ARToken Panel: How a React-Based Phishing Kit Is Hijacking Microsoft 365 Sessions via Device Code Attacks·NVDA +3.0%FBI Alert: Kali365 Phishing Kit Bypasses MFA via Device Code Phishing on Microsoft 365·GOOGL +1.2%FBI Warns Kali365 Phishing Kit Exploits Microsoft Device Code Flow to Slip Past MFA·AMZN +2.9%FBI Warns of Kali365 Phishing Platform Hijacking Microsoft 365 via Device Code Attacks·MSFT +0.1%FBI Warns Kali365 Phishing Steals OAuth Tokens to Bypass MFA in Microsoft 365·NVDA +3.0%Windows Defeats AiTM Phishing with Passwordless Auth & Conditional Access·GOOGL +1.2%Russian Hackers Exploit OAuth 2.0 in Microsoft 365 'Midnight Blizzard' Attack·AMZN +2.9%Telegram Phishing Service ‘Forg365’ Exploits Microsoft’s Device Code Flow to Steal Sessions·MSFT +0.1%ARToken Panel: How a React-Based Phishing Kit Is Hijacking Microsoft 365 Sessions via Device Code Attacks·NVDA +3.0%FBI Alert: Kali365 Phishing Kit Bypasses MFA via Device Code Phishing on Microsoft 365·GOOGL +1.2%FBI Warns Kali365 Phishing Kit Exploits Microsoft Device Code Flow to Slip Past MFA·AMZN +2.9%FBI Warns of Kali365 Phishing Platform Hijacking Microsoft 365 via Device Code Attacks·MSFT +0.1%FBI Warns Kali365 Phishing Steals OAuth Tokens to Bypass MFA in Microsoft 365·NVDA +3.0%Windows Defeats AiTM Phishing with Passwordless Auth & Conditional Access·GOOGL +1.2%Russian Hackers Exploit OAuth 2.0 in Microsoft 365 'Midnight Blizzard' Attack·AMZN +2.9%

Device Code Phishing

The latest Device Code Phishing coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 11:27 AM
Latest Most Read Breaking
Sort
Adversary-in-the-middle · Cloud Identity Security

Telegram Phishing Service ‘Forg365’ Exploits Microsoft’s Device Code Flow to Steal Sessions

Cybercriminals have weaponized Microsoft’s own device code authentication flow to hijack Microsoft 365 sessions, and a new phishing-as-a-service kit called Forg365 is making the attack accessible...

Advertisement
Device Code Phishing · Kali365 Phishing

FBI Warns of Kali365 Phishing Platform Hijacking Microsoft 365 via Device Code Attacks

The FBI has issued an urgent public warning about Kali365, a phishing-as-a-service platform that weaponizes device code authentication to steal Microsoft 365 access tokens. The alert, released in May...

SE Security Desk·6w ago
Conditional Access · Device Code Phishing

FBI Warns Kali365 Phishing Steals OAuth Tokens to Bypass MFA in Microsoft 365

The FBI has issued an urgent public warning about a phishing-as-a-service platform called Kali365 that is systematically targeting Microsoft 365 accounts by abusing device-code authentication. The...

SE Security Desk·6w ago
Aitm Phishing · Artificial Intelligence In Phishing

Windows Defeats AiTM Phishing with Passwordless Auth & Conditional Access

In today's digital landscape, identity has become the new perimeter for enterprise security. As organizations increasingly adopt cloud services and remote work models, cybercriminals are shifting...

AI AI & Copilot Desk·59w ago
Cloud Security · Cyber Defense

Russian Hackers Exploit OAuth 2.0 in Microsoft 365 'Midnight Blizzard' Attack

The digital battlegrounds of cloud security witnessed a sophisticated escalation this summer as Russian state-sponsored hackers orchestrated a novel attack exploiting inherent weaknesses in OAuth 2.0...

SE Security Desk·63w ago
Aitm Attacks · Attack Detection

Microsoft 365 BEC Attacks Surge: How Hackers Exploit Collaboration Tools

For Microsoft 365's 345 million global users, the familiar ping of an email notification now carries unprecedented risk. A new wave of Business Email Compromise (BEC) attacks is exploiting the...

SE Security Desk·69w ago
Cybersecurity · Device Code Phishing

Russian Hackers Exploit Microsoft OAuth in Storm-2372 Phishing Campaign

Russian state-sponsored hackers have unleashed a sophisticated phishing campaign exploiting a legitimate Microsoft authentication feature, marking a dangerous evolution in cloud account hijacking...

SE Security Desk·73w ago
Conditional Access · Cybersecurity

Securing Windows with Microsoft Entra: How to Combat Device Code Phishing Attacks

Microsoft Entra (formerly Azure Active Directory) is revolutionizing Windows security by introducing advanced protections against device code phishing—a growing threat in enterprise environments....

SE Security Desk·73w ago
Cybersecurity · Device Code Phishing

Storm-2372 device-code phishing bypasses MFA in Microsoft Teams attacks

Microsoft Teams has become the latest target in a sophisticated phishing campaign dubbed Storm-2372, putting millions of users at risk. Cybersecurity researchers have uncovered a new device code...

SE Security Desk·73w ago