WinBuzzer

Microsoft 365 Phishing Surge: Attackers Weaponize Legitimate Device Code Flow to Bypass MFA

Cybercriminals have launched a widespread phishing campaign exploiting Microsoft's OAuth device code flow to bypass MFA and ...
Bleeping Computer

Microsoft Sway abused in massive QR code phishing campaign

A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials.

2FA Code Attacks Surge As Russian Hackers Target Microsoft Users

Hackers thought to be aligned with China and Russia are suspected to be behind a wave of account takeover attacks targeting Microsoft 365 users.
Bleeping Computer

New Rockstar 2FA phishing service targets Microsoft 365 accounts

A new phishing-as-a-service (PhaaS) platform named 'Rockstar 2FA' has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials. Like other AiTM ...
Forbes

New Microsoft 2FA Bypass Attack Warning—Dangerous And Sneaky, Act Now

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. A cybercrime group known as Sneaky Log has been selling a ...