Add Yahoo as a preferred source to see more of our stories on Google. Microsoft users warned of EvilTokens 2FA code attacks. NurPhoto via Getty Images If you have yet to hear of the EvilTokens ...

Compare the best multi-factor authentication software in 2026. See which MFA tools offer adaptive security, easy setup, and real customer identity protection.

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. In this type of attack, the threat actor sends a ...

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit ...

The Microsoft Defender Security Research Team has confirmed that a pervasive new authentication code attack is compromising hundreds of organizations daily.

A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks.

T-Mobile’s T-Life app appears to be preparing support for QR-based device pickups. Users would just have to display their QR code in order to retrieve hardware waiting for them in T-Mobile stores. Not ...

Instead of stealing passwords, attackers trick users into granting access themselves — using real login systems and AI-driven deception. Why does it matter? This marks a shift from stealing passwords ...