OAuth Abuse: The Rise of Device Code Phishing Campaigns

from Decoded: The Cybersecurity Podcast · host Edward Henriquez

Cybersecurity researchers have identified a widespread phishing campaign targeting hundreds of Microsoft 365 organizations across five countries by exploiting OAuth device authorization flows. This sophisticated attack tricks users into entering legitimate device codes on authentic Microsoft login pages, allowing hackers to bypass multi-factor authentication and maintain access even after password resets. The operation utilizes a diverse range of lures, such as fake DocuSign notifications and construction bids, while leveraging Cloudflare Workers and Railway infrastructure to host malicious redirect chains. These attacks are linked to a new phishing-as-a-service platform called EvilTokens, which provides automated tools for credential harvesting and spam filter evasion. To remain undetected, the landing pages employ anti-analysis techniques that disable developer tools and block browser-based inspections. Experts recommend that organizations monitor sign-in logs for specific IP addresses and revoke OAuth refresh tokens to mitigate the threat.

NOW PLAYING

0:00 23:50

1×

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Share this episode

Similar Episodes

I'm ok

Mar 26, 2026 ·1m

Food Saved My Life

Mar 19, 2026 ·34m

Eat More Vegetables: The 4 Foods That Beat Ozempic (Naturally)

Feb 18, 2026 ·11m

How to End Heart Disease with Dr. Fuhrman

Feb 11, 2026 ·45m

Revolutionizing Breast Health: QT Imaging, Overdiagnosis, and What to Do Instead

Jan 27, 2026 ·35m

REMIX: Why we over-shop and compulsively acquire, and how to stop, with Dr Jan Eppingstall

Jan 9, 2026 ·61m

Similar Podcasts

MG Show MG Show The MG Show, hosted by Jeffrey Pedersen and Shannon Townsend, is a leading alternative media platform dedicated to uncovering the truth behind today’s most pressing political issues. Launched in 2019, the show has grown exponentially, offering unfiltered insights, comprehensive research, and real-time analysis. With a commitment to independent journalism and factual integrity, the MG Show empowers its audience with knowledge and encourages active participation in the political discourse. Ask A Spaceman Archives - 365 Days of Astronomy Ask A Spaceman Archives - 365 Days of Astronomy Podcasting Astronomy Every Day of the Year Breaking News Show | eTurboNews Juergen Thomas Steinmetz News is relevant to the global travel and tourism industry, human rights and global issues.Breaking news when it happens and only from the source. Eat to Live Jenna Fuhrman, Dr. Fuhrman Our health is our most precious gift and smart nutrition can change your life. Each month, join Dr. Fuhrman and his daughter, Jenna Fuhrman as they discuss important topics in the world of nutrition. Eat to Live will change the way you eat and think about food.

Frequently Asked Questions

How long is this episode of Decoded: The Cybersecurity Podcast?

This episode is 23 minutes long.

When was this Decoded: The Cybersecurity Podcast episode published?

This episode was published on March 29, 2026.

What is this episode about?

Can I download this Decoded: The Cybersecurity Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.

URL copied to clipboard!