Topic: device code phishing

Sort by: Relevance | Date
  • Microsoft 365 Users Hit by Sneaky Device Code Phishing
    December 20, 2025

    Microsoft 365 Users Hit by Sneaky Device Code Phishing

    Attackers are exploiting Microsoft's device code authorization flow to bypass multi-factor authentication, tricking users into granting account access via fraudulent login portals. The campaigns are scaled using readily available red team tools like Squarephish and Graphish, which automate phishi...

    Read More »
  • 2025 Phishing Trends: Protect Your Security Strategy Now
    December 16, 2025

    2025 Phishing Trends: Protect Your Security Strategy Now

    Phishing in 2025 became more sophisticated and identity-focused, with attacks increasingly occurring outside of email through channels like LinkedIn and manipulated search results to bypass traditional security filters. The rise of Phishing-as-a-Service kits enables real-time attacks that can byp...

    Read More »
  • Phishing-Resistant Authentication: How Hackers Still Bypass It
    July 31, 2025

    Phishing-Resistant Authentication: How Hackers Still Bypass It

    Phishing-resistant authentication methods like passkeys and FIDO2-based systems (e.g., YubiKeys) improve security, but attackers exploit weaknesses such as downgrade attacks to bypass them. Emerging threats like device code phishing, consent phishing, and verification phishing target vulnerabilit...

    Read More »

Related Topics

consent phishing (2) phishing-as-a-service (1) conditional access policies (1) omni-channel phishing (1) passkeys fido2-based authentication (1) red team tools (1) non-email vectors (1) downgrade attacks (1)