Malware And CampaignsCampaign

EvilTokens device code phishing against Microsoft 365

March 31, 2026BleepingComputer, CSOonline, Help Net Security

BleepingComputer, Arctic Wolf, and others describe EvilTokens abusing the Microsoft device code flow to hijack accounts, reinforcing device-code phishing as a scalable Microsoft 365 takeover vector.

Open in PulseSee the full expert discussion →

QUOTES

New EvilTokens service fuels Microsoft device code phishing attacks

EvilTokens abuses Microsoft device code flow for account takeovers

EvilTokens ramps up device code phishing targeting Microsoft 365 users

phishing campaign targeting Microsoft 365 that abuses the OAuth device code flow to trick victims into providing authentication codes.

Arctic Wolf has recently observed a phishing campaign targeting Microsoft 365 that abuses the OAuth device code flow to trick victims into providing authentication codes.

VOICES

BleepingComputer

CSOonline

Help Net Security

The Cyber Security Hub™

Arctic Wolf

Nicolas Krassas

Blue Team News

RELATED TERMS

phishingaccount takeovermicrosoftmicrosoftincident responsesocial engineering

OTHER FINDINGS IN MALWARE AND CAMPAIGNS

Axios npm package compromise, WAVESHAPER.V2 cross platform RAT Handala Hack Telegram threat claiming imminent Lockheed Martin data leak Telnyx PyPI compromise (TeamPCP) shipping malware in telnyx 4.87.1/4.87.2

AMYGDALA PULSE

See what experts are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new expert voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security