Microsoft 365 Phishing Panel Uses OAuth Device Code Flow to Capture Tokens and Persist Access
A newly uncovered phishing panel called ARToken is giving cybercriminals an easy way to steal Microsoft 365 login sessions without ever touching a password. The tool works by abusing a legitimate Microsoft sign-in feature meant for devices without a keyboard or browser, tricking victims into...