Hackers Abuse OAuth Device Authorization Flow to Steal Microsoft 365 Tokens

📅 15 May 2026 at 14:53 UTC📰 Cyber Security NewsView original source ↗

Hackers are exploiting a little-known feature of Microsoft’s authentication system to steal account credentials at scale. Device code phishing campaigns now target organizations worldwide by manipulating the OAuth device authorization flow, turning a security feature into a major vulnerability. This emerging threat has surged dramatically since late 2024, catching security teams unprepared for attacks that […] The post Hackers Abuse OAuth Device Authorization Flow to Steal Microsoft 365 Tokens appeared first on Cyber Security News.

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News ↗

← Back to feed