Tag

Device-Code Phishing

3 briefs RSS

Tycoon2FA Phishing Kit Targets Microsoft 365 Accounts with Device-Code Phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks targeting Microsoft 365 accounts, abusing Trustifi click-tracking URLs, redirecting victims through Cloudflare Workers to a fake Microsoft CAPTCHA page, tricking them into entering a device code, and granting attackers OAuth tokens and access to their Microsoft 365 accounts.

Microsoft 365 +2 phishing device-code phishing oauth tycoon2fa

2r 2t May 17, 2026

high advisory

EvilTokens PhaaS Platform Leverages AI for Device Code Phishing Attacks

2 rules 2 TTPs 2 IOCs

The EvilTokens phishing-as-a-service (PhaaS) platform sold on Telegram is capable of launching device code phishing attacks at scale, leveraging AI to generate convincing and personalized lures, enabling aspiring cybercriminals to bypass traditional security measures, including MFA.

Microsoft 365 +6 phishing device code phishing AI Telegram

2r 2t 2i May 14, 2026

high threat

Device Code Phishing Exploiting OAuth 2.0 Device Authorization Grant Flow

2 rules 5 TTPs

Threat actors are increasingly using device code phishing, often via Phishing-as-a-Service platforms, to compromise user accounts by abusing the OAuth 2.0 device authorization grant flow and capturing authentication tokens, enabling account takeover, data theft, and business email compromise.

Microsoft 365 +3 TA4903 device-code-phishing phishing credential-theft oAuth

2r 5t May 14, 2026