Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...
Information Age

Australian Microsoft users warned of code phishing threat

Australia’s national cybersecurity agency says users of Microsoft 365 software should be wary of a "growing threat" from unexpected device code requests, as cybercriminals exploit legitimate Microsoft ...
Windows Report

Tycoon2FA Returns With New Microsoft 365 Device-Code Phishing Attacks

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login flows.
ITWire

Device codes are the new frontier for phishing as Barracuda detects 7 million attacks in four weeks

GUEST RESEARCH: Device code phishing has advantages over traditional credential phishing in stealth, persistence and evasion New research from Barracuda provides step-by-step insight into how ...

Microsoft Confirms New And Widespread 2FA Code Attacks Ongoing

The Microsoft Defender Security Research Team has confirmed that a pervasive new authentication code attack is compromising hundreds of organizations daily.
Hosted on MSN

The growing threat of device code phishing and how to defend against It

Just as we think we’re getting one step ahead of cybercriminals, they find a new way to evade our defenses. The latest method causing trouble for security teams is that of device code phishing, a ...
Ars Technica

Russian spies use device code phishing to hijack Microsoft accounts

Overlooked attack method used since last August in a rash of account takeovers. Well, this sucks. But the target list makes sense, from the perspective of an enemy attacking. Ed: trying to be sure the ...