Microsoft 365 Phishing Panel Uses OAuth Device Code Flow to Capture Tokens and Persist Access

A newly uncovered phishing panel called ARToken is giving cybercriminals an easy way to steal Microsoft 365 login sessions without ever touching a password. The tool works by abusing a legitimate Microsoft sign in feature meant for devices without a keyboard or browser, tricking victims into approving a login on the attacker’s behalf. Once that […]

The post Microsoft 365 Phishing Panel Uses OAuth Device Code Flow to Capture Tokens and Persist Access appeared first on Cyber Security News.

This article has been indexed from Cyber Security News

Read the original article: