Identity & Access | Mar 23, 2026
A phishing campaign is abusing an official device code OAuth flow. Instead of stealing passwords,...
Phishing campaign abuses device code OAuth flow to hijack tokens without stealing passwords.
Summary
A sophisticated phishing campaign is leveraging the legitimate device code OAuth flow to trick users into entering verification codes on real login pages, allowing attackers to obtain long-term OAuth tokens for email and file access. Rather than attempting traditional password theft, the attackers exploit the trust users place in official authentication mechanisms to gain persistent access to victim accounts.
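As an added example that is not part of the original report, the following defender-side triage runs over constructed sign-in records and flags device-code grants that fit the pattern described above: the verification code was entered from a different address than the client that polled for the token, the user has no prior device-code history, or a refresh token (the `offline_access` scope) was requested. The record format, field names and addresses are assumptions for illustration, not taken from the page.

```python
import json

# Constructed sign-in records, not from any real tenant. Each record models the
# two halves of a device-code grant: the client that requested the code and polls
# the token endpoint (client_ip), and the browser session in which the user typed
# the verification code on the genuine login page (verify_ip).
SAMPLE_LOG = """
{"ts": "2026-03-23T08:00:00Z", "user": "alice@example.com", "grant": "authorization_code", "client_ip": "203.0.113.10", "verify_ip": "203.0.113.10", "scopes": ["Mail.Read"]}
{"ts": "2026-03-23T09:15:00Z", "user": "bob@example.com", "grant": "device_code", "client_ip": "203.0.113.22", "verify_ip": "203.0.113.22", "scopes": ["Files.Read"]}
{"ts": "2026-03-23T10:40:00Z", "user": "alice@example.com", "grant": "device_code", "client_ip": "198.51.100.77", "verify_ip": "203.0.113.10", "scopes": ["Mail.ReadWrite", "Files.ReadWrite", "offline_access"]}
"""


def load_events(text):
    """Parse one JSON record per line, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


SAMPLE_EVENTS = load_events(SAMPLE_LOG)


def find_suspicious_device_code_grants(events, known_device_code_users=frozenset()):
    """Return [(event, reasons)] for device-code grants that merit analyst review.

    known_device_code_users: accounts with an established, legitimate device-code
    history (e.g. users of CLI tools or smart TVs), so first-use is not flagged.
    """
    seen = set(known_device_code_users)
    flagged = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["grant"] != "device_code":
            continue
        reasons = []
        # In device-code phishing the polling client sits on the attacker's
        # network while the victim verifies the code from their own machine.
        if ev["client_ip"] != ev["verify_ip"]:
            reasons.append("code verified from a different address than the polling client")
        if ev["user"] not in seen:
            reasons.append("first device-code grant observed for this user")
        # offline_access yields a refresh token: the long-lived access the campaign seeks.
        if "offline_access" in ev["scopes"]:
            reasons.append("refresh token requested (long-lived access)")
        seen.add(ev["user"])
        if reasons:
            flagged.append((ev, reasons))
    return flagged
```

Feeding the function a baseline of users known to use device-code flows legitimately keeps the first-use signal from drowning the address-mismatch and refresh-token signals.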