When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website

The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers. Today, threat actors are weaponizing it. Continue reading When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website

When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website

The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers. Today, threat actors are weaponizing it. Continue reading When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website

The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques

Common email phishing tactics in 2025 include PDF attachments with QR codes, password-protected PDF documents, calendar phishing, and advanced websites that validate email addresses. Continue reading The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques