A cybersecurity firm has warned of a surge in attacks targeting Microsoft 365 accounts by abusing Microsoft’s OAuth 2.0 device authorisation flow. The campaigns bypass multifactor authentication by tricking users into entering device codes on legitimate Microsoft login pages, granting attackers direct access without stealing passwords. Activity has reportedly increa…A cybersecurity firm has warned of a surge in attacks targeting Microsoft 365 accounts by abusing Microsoft’s OAuth 2.0 device authorisation flow. The campaigns bypass multifactor authentication by tricking users into entering device codes on legitimate Microsoft login pages, granting attackers direct access without stealing passwords. Activity has reportedly increa…