CSO Online

EvilTokens abuses Microsoft device code flow for account takeovers

The phishing-as-a-service toolkit leverages legitimate authentication to capture tokens and access Microsoft 365 services.

Microsoft 365 Under Siege: Phishing Campaign Bypasses MFA Across 5 Countries

A global phishing campaign targeting Microsoft 365 bypasses security codes using a legitimate login feature, impacting ...

Microsoft’s AI Security Partnerships Test Copilot Thesis And Long‑Term Returns

Microsoft is deepening its AI security ecosystem with new integrations alongside Commvault, Rubrik, XBOW, UiPath, and RSA ...
The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and ...
Neowin

Microsoft and HID partner to enable physical access cards for multi-factor authentication

Microsoft and HID have partnered to simplify multi-factor authentication (MFA) for enterprise employees by using HID physical access cards. Microsoft and HID, a leading identity solutions company, ...
TWCN Tech News

Locked out of the Microsoft 365 admin account? What to do?

Being locked out of your Microsoft 365 administrator account can be a stressful experience, as it prevents you from managing users and services. This typically occurs due to security features, such as ...
Bleeping Computer

New Rockstar 2FA phishing service targets Microsoft 365 accounts

A new phishing-as-a-service (PhaaS) platform named 'Rockstar 2FA' has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials. Like other AiTM ...

Everything New in the Latest Microsoft 365 Update

Microsoft 365 adds granular OneDrive and SharePoint restore, retires one-time passcodes for sharing, and updates Intune ...