Device code phishing attacks surge 37x as new kits spread online

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more ...
Dark Reading

Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate ...
Dark Reading

Beware of Device Code Phishing

Device codes are alphanumeric or numeric codes employed for authenticating an account on a device that does not have a standard login interface, such as a browser or input-limited devices, where it is ...
Hosted on MSN

State actors are abusing OAuth device codes to get full M365 account access - here's what we know

Proofpoint reports phishing surge abusing Microsoft OAuth 2.0 device code flow Victims enter codes on real Microsoft domains, granting attackers access tokens Proofpoint advises blocking device code ...
Android Authority

Find My Device may soon let you find your Pixel phone even when it's off

Find My Device helps you locate your lost Android device or accessory. At the moment, it requires the device to be online and powered on to report its location. This caveat could go away soon, though, ...
Android Authority

Google's Find My Device could soon get UWB and AR upgrades (APK teardown)

Code within the Find My Device app suggests that Google is working on adding support for UWB tech to the network. We’ve also found code referencing AR actions, which speculatively ties in nicely with ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.