When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website
The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers. Today, threat actors are weaponizing it. Continue reading When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website