Hackers target Microsoft Entra accounts in device code vishing attacks

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...
Tech Digest

Microsoft 365 users targeted in sophisticated ‘vishing’ attack

Hackers have launched a massive campaign targeting Microsoft 365 and Entra ID (formerly Azure AD) users in a phishing and vishing attack.
Neowin

Microsoft changes hit Teams Android devices: Disable Entra ID policy to restore sign-in

Microsoft has enabled a new policy in Entra ID that has caused many Teams-certified Android devices to be logged out, here's how to log them in again. As part of its Secure Future Initiative, ...
Ars Technica

What is device code phishing, and why are Russian spies so successful at it?

Researchers have uncovered a sustained and ongoing campaign by Russian spies that uses a clever phishing technique to hijack Microsoft 365 accounts belonging to a wide range of targets, researchers ...