Microsoft Confirms New And Widespread 2FA Code Attacks Ongoing

The Microsoft Defender Security Research Team has confirmed that a pervasive new authentication code attack is compromising ...
IEEE

Radio-Frequency Fingerprint-Tag-Based Device Authentication for Massive Random Access

Abstract: IoT devices possess a radio-frequency fingerprint (RFF) due to inherent variations in manufacturing, making it device-specific and difficult to alter. This unique RFF, derived from RF ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
The New York Times

A Phone-Free Childhood? One Irish Village Is Making It Happen.

Tired of seeing its elementary-school children struggle with online temptations, the town of Greystones proposed a ‘no smart devices’ code. Most everyone bought in. The seaside town of Greystones, ...
The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, ...
AOL

The FBI Says These Smart Home Devices Are Unsafe, And Here's Why

Close-up on a woman controlling the temperature of her smart home using a mobile app on a digital tablet - Andresr/Getty Images Smart home devices are supposed to make residences more efficient, ...
winbuzzer.com

Hackers Hijack Microsoft Entra Accounts via Device Code Phishing

Hackers are hijacking Microsoft enterprise accounts by abusing a legitimate device-code authentication feature, tricking victims into entering attacker-generated codes on Microsoft’s own login portal.
Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

Once the user signs in, the device is able to get access tokens and refresh tokens as needed." This authentication flow is similar to what you see when logging into a streaming service, such as ...
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
Forbes

2FA Code Attacks Surge As Russian Hackers Target Microsoft Users

Microsoft 365 is under attack, China and Russia afflited hackers suspected. Updated December 23 with advice from a mobile security solutions expert regarding the Russian device code attacks targeting ...
bitnewsbot

Russia-Linked Group Uses Device Code Phishing to Steal M365 Credentials

Since September 2025, a suspected Russia-aligned group known as UNK_AcademicFlare has executed a phishing campaign targeting Microsoft 365 credentials. The campaign mainly impacts entities in ...