A new phishing campaign exploiting Microsoft’s OAuth 2.0 Device Authorization Grant flow to gain unauthorized and persistent access to Microsoft 365 accounts. The sophisticated attack active since December 2025 specifically targets professionals and enterprises in North America, with over 44% of identified victims based in the United States. Sectors hit hardest include technology, manufacturing, and […]

The post Ongoing Campaign Targets Microsoft 365 to Steal OAuth Tokens for Persistent Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.