Device code phishing attacks surge 37x as new kits spread online

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and ...
Bleeping Computer

OAuth Device Code Phishing: Azure vs. Google Compared

Come along with me on a journey as we delve into the swirling, echoing madness of identity attacks. Today, I present a case study on how different implementations of OAuth 2.0, the core authentication ...
Yahoo

Your Guide to Activating iCloud Two-Factor Authentication for Extra Security

Two-factor authentication adds a barrier between whoever's logging in and the account by requiring authentication in two ways, such as a computer and phone. This ...

ENFORCEAUTH IDENTIFIES AUTHORIZATION FAILURES AS ROOT CAUSE OF ANTHROPIC’S THREE SECURITY INCIDENTS IN FIVE DAYS

Analysis Shows Production-Deployable Rego Policies Would Have Prevented CMS Data Exposure, 500K-Line Source Code Leak, ...
Tidbits

AppBITS: Proton Authenticator Takes on 2FA Apps

In “Two-Factor Authentication, Two-Step Verification, and 1Password” (10 July 2023), I explained that for true two-factor authentication, you needed to acquire your time-based one-time password (TOTP) ...
The Indianapolis Star

EnforceAuth AI Security Fabric to Combat the ‘Politeness Trap’ in Enterprise AI

EnforceAuth Identifies the “Politeness Trap,” Warning Enterprises of Critical AI Security Blind Spot SAN DIEGO, CA, UNITED STATES, March 2, 2026 /EINPresswire.com ...