2026 · 06 high
Device Code Phishing: When the Real Microsoft Login Becomes the Trap
A real, anonymized device code phishing case shows why a legitimate Microsoft login can still hand an OAuth token to an attacker.
Technical writeups for defenders: attack flow, indicators, detection logic, response checks, and a self-test for your own coverage.
A real, anonymized device code phishing case shows why a legitimate Microsoft login can still hand an OAuth token to an attacker.