Defending the Authentication Flow: Device Code Phishing with Selena Larson
ID: 7894f2ab-5cc6-5516-820e-af855baf2ff9
STIX ID: report--7894f2ab-5cc6-5516-820e-af855baf2ff9
Feed Name: Proofpoint Blog
Threat Score
This podcast episode describes how adversaries exploit Microsoft OAuth/device-code authentication workflows in device-code phishing campaigns, highlights the impact of leaked criminal kits (late 2025) that have commercialized these techniques, analyzes attacker behaviors including BEC, credential harvesting and account takeover jumping, and provides prescriptive defenses such as conditional access policies and strict device compliance to block unauthorized authentication.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
