OAuth Phishing, Foreign Router Risks, and the Rise of Identity-Based Cyber Attacks

The report highlights a broad shift in attacker behavior toward exploiting trusted workflows and identity controls rather than traditional perimeter breaches: specifically calling out a phishing campaign that abuses OAuth device authentication flows to bypass MFA and obtain persistent tokens, concerns about supply-chain risk in network hardware, and data showing identity-based attacks and misconfigurations as primary initial access vectors. It recommends auditing device/application access, restricting device authentication flows, strengthening identity as a control plane, and improving patching and configuration hygiene to align defenses with how attacks occur today.