A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft ...

Bubble.io's good name is being tarnished by advanced and convincing phishing lures.

A global phishing campaign targeting Microsoft 365 bypasses security codes using a legitimate login feature, impacting ...

If you keep getting Microsoft single-use code requests, read this post to know how to fix the issue. A single-use code is a verification code Microsoft sends to your registered email ID or phone ...

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building ...

Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and ...

A new Microsoft login scam is spreading, stealing users private information. Shockingly, it doesn’t rely on stolen passwords. Hackers are exploiting Microsoft’s device code login, a legitimate ...

Multiple Russian nation-state actors are targeting sensitive Microsoft 365 accounts via device code authentication phishing, a new analysis by Volexity has revealed. The firm first observed this ...

Emergency out-of-band patches from Microsoft and Oracle signal underlying security issues around update cycles and patching, ...

A Chinese state-aligned espionage group has become the first documented threat actor to weaponize a known exploit in VS Code in a malicious attack. Visual Studio Code, or VS Code, is Microsoft's free ...

Microsoft released an emergency out-of-band update for Windows 11 on March 21, 2026, to resolve widespread sign-in problems ...