Vendor

DocuSign

2 briefs RSS

EvilTokens PhaaS Platform Leverages AI for Device Code Phishing Attacks

The EvilTokens phishing-as-a-service (PhaaS) platform sold on Telegram is capable of launching device code phishing attacks at scale, leveraging AI to generate convincing and personalized lures, enabling aspiring cybercriminals to bypass traditional security measures, including MFA.

Microsoft 365 +6 phishing device code phishing AI Telegram

2r 2t 2i May 14, 2026

high threat

Device Code Phishing Exploiting OAuth 2.0 Device Authorization Grant Flow

2 rules 5 TTPs

Threat actors are increasingly using device code phishing, often via Phishing-as-a-Service platforms, to compromise user accounts by abusing the OAuth 2.0 device authorization grant flow and capturing authentication tokens, enabling account takeover, data theft, and business email compromise.

Microsoft 365 +3 TA4903 device-code-phishing phishing credential-theft oAuth

2r 5t May 14, 2026