Technology & Innovation

Microsoft 365 Accounts Reportedly Breached After Hackers Exploit Legitimate Microsoft OAuth Feature

Dec 23, 2025 - 08:00
Microsoft 365 Accounts Reportedly Breached After Hackers Exploit Legitimate Microsoft OAuth Feature
A cybersecurity firm has warned of a surge in attacks targeting Microsoft 365 accounts by abusing Microsoft’s OAuth 2.0 device authorisation flow. The campaigns bypass multifactor authentication by tricking users into entering device codes on legitimate Microsoft login pages, granting attackers direct access without stealing passwords. Activity has reportedly increased since September 2025 and involves both cybercriminal and state-aligned groups. The company says the attacks enable data theft, lateral movement, and persistent access, and urges organisations to restrict device code authentication and strengthen user awareness.

Related Posts

US President Trump, TSMC Announce $100 Billion Plan to Build 5 New US Factories

US President Trump, TSMC Announce $100 Billion Plan to ...

Mar 4, 2025

Google Pixel 9a Surfaces on US FCC Website With Support for Satellite Connectivity

Google Pixel 9a Surfaces on US FCC Website With Support...

Mar 4, 2025

Waymo is now available exclusively on Uber in Austin

Mar 4, 2025

Nothing’s Phone 3A and 3A Pro use AI to organize all yo...

Mar 4, 2025

People in Modern Societies Sleep More but Have Irregular Sleep Cycles

People in Modern Societies Sleep More but Have Irregula...

Mar 4, 2025

Tencent’s AI Bot Passes DeepSeek as China’s Favorite on iPhones

Tencent’s AI Bot Passes DeepSeek as China’s Favorite on...

Mar 4, 2025