device-code-phishing

Device Code Phishing Is Up 37.5x and Ten Kits Are Competing for Market Share

John Z Black Apr 5, 2026

Ransomware & Cybercrime #device-code-phishing #oauth #phishing-kits #eviltokens #mfa-bypass #phaas

Device code phishing attacks surged 37.5x in 2026 with at least ten competing kits now selling the technique to low-skill criminals.

Your MFA Isn't Enough. (And Most Places Don't Even Have That.)

John Z Black Mar 29, 2026

Incidents & Breaches #mfa #phishing #oauth #device-code-phishing #microsoft365 #passwordless #azure #authentication #identity-security

A phishing campaign bypassed MFA at 340+ organizations using legitimate OAuth flows, while 76% of companies are still relying on passwords in the first place.