The Trusted Trap: How Hackers Weaponize Microsoft’s Own Login Flows to Bypass MFA
Proofpoint is warning of a surge in phishing attacks in which attackers hijack corporate Microsoft 365 accounts not through fake login pages, but via a perfectly legitimate OAuth mechanism—device code authorization. Victims are persuaded...
