The Rise of OAuth Device Code Phishing: A New Threat to MFA Security
The Evolution of Identity Theft Cybersecurity researchers have identified a surge in sophisticated phishing attacks targeting Microsoft 365 environments by exploiting OAuth device code flows to bypass Multi-Factor Authentication (MFA). Throughout late 2023 and early 2024, threat actors have increasingly utilized this method to hijack enterprise accounts, prompting urgent warnings from security firms including Proofpoint…