Ongoing Campaign Targets Microsoft 365 to Steal OAuth Tokens for Persistent Access

A new phishing campaign exploiting Microsoft’s OAuth 2.0 Device Authorization Grant flow to gain unauthorized and persistent access to Microsoft 365 accounts.

The sophisticated…