New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access.

Hackers target Microsoft Entra accounts in device code vishing attacks

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...
CSOonline

Trivial Telnet authentication bypass exposes devices to complete takeover

The 11-year-old vulnerability likely impacts many devices that are no longer supported — and presents easy exploit even for those that are. Computers with Telnet open are in immediate danger of being ...
Reuters

Exclusive: India proposes forcing smartphone makers to give source code in security overhaul

NEW DELHI, Jan 12 (Reuters) - India proposes requiring smartphone makers to share source code with the government and make several software changes as part of a raft of security measures, prompting ...
Windows Report

Beware! Hackers Are Exploiting OAuth Device Code to Scam Microsoft 365 Users

Hackers are abusing a legitimate Microsoft authentication feature to break into enterprise Microsoft 365 accounts, even when multifactor authentication is enabled. Security researchers warn that ...
Forbes

2FA Code Attacks Surge As Russian Hackers Target Microsoft Users

Microsoft 365 is under attack, China and Russia afflited hackers suspected. Updated December 23 with advice from a mobile security solutions expert regarding the Russian device code attacks targeting ...
bitnewsbot

Russia-Linked Group Uses Device Code Phishing to Steal M365 Credentials

Since September 2025, a suspected Russia-aligned group known as UNK_AcademicFlare has executed a phishing campaign targeting Microsoft 365 credentials. The campaign mainly impacts entities in ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
Macworld

Leaked code spills details of mystery Apple smart home accessory

Macworld reports that leaked internal code reveals Apple’s mystery smart home accessory codenamed ‘J229’, expected to launch in spring 2026. The device appears to be a security camera with multiple ...
Wall Street Journal

Sam Altman’s Sprint to Correct OpenAI’s Direction and Fend Off Google

When OpenAI CEO Sam Altman made the dramatic call for a “code red” last week to beat back a rising threat from Google, he put a notable priority at the top of his list of fixes. The world’s most ...
CNBC

More companies are shifting workers to passwordless authentication

To join the CNBC Technology Executive Council, go to cnbccouncils.com/tec No one likes passwords, whether workers or cybersecurity leaders. Now, more companies are ...
Android Authority

Google Wallet may lift syncing restrictions for certain types of passes

Google Wallet’s “private passes” — government IDs, health insurance cards, et cetera — don’t currently sync between devices. Code found in Google Play services indicates that may be changing. It’s ...