Device code phishing attacks surge 37x as new kits spread online

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more ...

New Password Stealer Bypasses 2FA—Chrome, Edge And Firefox Targeted

This new Storm attack platform can exfiltrate passwords and session data, enabling 2FA bypass. Google Chrome, Microsoft Edge ...
CSO Online

EvilTokens abuses Microsoft device code flow for account takeovers

The phishing-as-a-service toolkit leverages legitimate authentication to capture tokens and access Microsoft 365 services.

New EvilTokens service fuels Microsoft device code phishing attacks

A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft ...
SecurityWeek

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials are fueling ransomware, SaaS breaches, and nation-state attacks, as infostealers and AI drive a surge in ...
Harvard Business Review

Better People Analytics

Measure who they know, not just who they are. by Paul Leonardi and Noshir Contractor “We have charts and graphs to back us up. So f*** off.” New hires in Google’s people analytics department began ...