Cyber Security

EvilTokens ramps up device code phishing targeting Microsoft 365 users

EvilTokens ramps up device code phishing targeting Microsoft 365 users

Security researchers report a notable increase in device code phishing activity aimed at Microsoft 365 users, and have attributed this rise to the availability of EvilTokens, a new, specialized phishing toolkit that’s being offered as-a-service via Telegram. What is device code phishing? Device code phishing is a type of attack where attackers trick users into logging into their account by using a real authentication flow, then steal their access and refresh tokens. Microsoft provides the … More

The post EvilTokens ramps up device code phishing targeting Microsoft 365 users appeared first on Help Net Security.

Read More

Related Posts

Axios npm packages backdoored in supply chain attack

Axios npm packages backdoored in supply chain attack

The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority

The AI Arms Race – Why Unified Exposure Management Is B...

New Bitdefender assessment helps organizations identify and eliminate hidden internal attack paths

New Bitdefender assessment helps organizations identify...

DoControl provides security coverage for Google Gemini Gems

DoControl provides security coverage for Google Gemini ...

Foxit flags hidden security risks in PDFs with new tool

Foxit flags hidden security risks in PDFs with new tool

Apple counters ClickFix attacks with macOS Terminal warning

Apple counters ClickFix attacks with macOS Terminal war...