An active campaign in which attackers are abusing Microsoft’s OAuth 2.0 Device Authorization Grant (device code) flow to take over Microsoft 365 accounts. Rather than capturing credentials with a fake login page, the threat actors persuade victims to complete a genuine Microsoft authentication process that, unbeknownst to them, authorizes an attacker-controlled “device.” The result: fully […]
The post Hackers Abuse Microsoft OAuth Device Code Flow to Take Over Microsoft 365 Accounts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Read the original article: