CSO Online

EvilTokens abuses Microsoft device code flow for account takeovers

The phishing-as-a-service toolkit leverages legitimate authentication to capture tokens and access Microsoft 365 services.

New EvilTokens service fuels Microsoft device code phishing attacks

A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft ...

Claude Code source leak reveals how much info Anthropic can hoover up about you and your system

For those who recall the debate surrounding Microsoft Recall not long ago, Claude Code's capture of activity is similar.
Arabian Post

EvilTokens turns Microsoft sign-ins into bait

EvilTokens, a newly identified phishing-as-a-service operation, is offering cybercriminals a ready-made way to hijack Microsoft accounts by abusing a legitimate sign-in process rather than stealing ...
The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and ...
GitHub

Device Code Phishing Operator Console — a self-hosted platform for conducting Microsoft OAuth2 Device Authorization Grant attacks during authorized red team assessments.

The Microsoft Device Authorization Grant (RFC 8628) is an OAuth2 flow designed for input-constrained devices (TVs, printers, CLI tools) that cannot open a browser. ENTRAITH abuses this flow against ...
Wired

This Jammer Wants to Block Always-Listening AI Wearables. It Probably Won’t Work

A new startup called Deveillance (pronounced dee-veil-ance) announced its first-ever gadget earlier this week—a sleek, portable tabletop orb that aims to jam nearby devices from recording voices.
Windows Report

Microsoft Authenticator Will Block Rooted Android and Jailbroken iOS Devices in 2026

Microsoft continues tightening security across its services, and Microsoft Authenticator is the latest tool to receive new protections. According to Windows Latest, the company will soon detect rooted ...
ZDNet

3 tiny gadgets I trust to block electrical surges, data-stealing software, and more

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
AOL

The FBI Says These Smart Home Devices Are Unsafe, And Here's Why

Close-up on a woman controlling the temperature of her smart home using a mobile app on a digital tablet - Andresr/Getty Images Smart home devices are supposed to make residences more efficient, ...
coinpaper

Block Times vs Reality: BTC, LTC, and ETH in Today’s Payment Flow

When it comes to crypto, people often ask which coin is faster, but speed is rarely just block time. What you feel as fast is a mix of two different elements: how quickly a platform releases a ...
winbuzzer.com

Hackers Hijack Microsoft Entra Accounts via Device Code Phishing

Hackers are hijacking Microsoft enterprise accounts by abusing a legitimate device-code authentication feature, tricking victims into entering attacker-generated codes on Microsoft’s own login portal.