A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more ...

A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft ...

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload identity and access. The post The Trivy Compromise: The Fallacy of Secrets ...

Claude Code 2.0 as it has been labelled by some introduces new features aimed at improving coding workflows and handling complex tasks more effectively. One notable addition is the “By the Way” ...

Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code ...

Hackers are hijacking Microsoft enterprise accounts by abusing a legitimate device-code authentication feature, tricking victims into entering attacker-generated codes on Microsoft’s own login portal.

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access. Another device code phishing campaign that abuses OAuth ...

Attackers trick users into approving access on real Microsoft pages OAuth device code phishing surged sharply since September 2025 Both cybercriminals and state-linked actors reportedly use this ...