logo

Defending the Authentication Flow: Device Code Phishing with Selena Larson

ID: 2bdd7df6-92cd-5cad-b0c0-353d63c422a6

STIX ID: report--2bdd7df6-92cd-5cad-b0c0-353d63c422a6

Feed Name: The CyberWire

Threat Score
70/100

Date Published: 2026-06-30

Date Updated: 2026-07-02

...
...

This report discusses the operational mechanics and rising commercialization of device-code phishing campaigns that abuse Microsoft OAuth workflows to harvest credentials and perform account takeovers; it notes leaked phishing kit source code in late 2025 that has democratized sophisticated identity attacks and offers concrete defensive measures (conditional access policies, strict device compliance) to mitigate unauthorized authentication and lateral pivoting through trusted supplier networks.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.