A recent surge in phishing attacks abuses Microsoft's OAuth Device Code flow, allowing hackers to hijack corporate Microsoft 365 accounts without stealing passwords by tricking victims into authenticating on legitimate Microsoft login pages. This token-based technique is difficult to detect with traditional tools and enables attackers to access sensitive corporate data, but solutions like ANY.RUN’s SSL decryption and interactive sandbox analysis provide earlier visibility and help security teams respond faster to these sophisticated threats.
https://cyberpress.org/new-alert-hackers-hijack-corporate-m365-accounts-with-oauth-device-codes/

