FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs

The North Korean state-sponsored hacker group Kimsuki is using malicious QR codes in spearphishing campaigns that target U.S.
IEEE

Radio Frequency-Enhanced Multi-Factor IoT Device Authentication via Swarm Learning

Abstract: With the increased popularity of Internet of things (IoT) devices, security issues have notably risen in recent times. Typically, wireless IoT applications are vulnerable to impersonation ...
gadgets360

Microsoft 365 Accounts Reportedly Breached After Hackers Exploit Legitimate Microsoft OAuth Feature

Attackers trick users into approving access on real Microsoft pages OAuth device code phishing surged sharply since September 2025 Both cybercriminals and state-linked actors reportedly use this ...
winbuzzer.com

Microsoft 365 Phishing Surge: Attackers Weaponize Legitimate Device Code Flow to Bypass MFA

Cybercriminals are launching a widespread wave of phishing attacks that bypass Multi-Factor Authentication (MFA) by exploiting a standard Microsoft 365 feature. Security researchers at Proofpoint warn ...
Windows Report

Beware! Hackers Are Exploiting OAuth Device Code to Scam Microsoft 365 Users

Hackers are abusing a legitimate Microsoft authentication feature to break into enterprise Microsoft 365 accounts, even when multifactor authentication is enabled. Security researchers warn that ...
Forbes

2FA Code Attacks Surge As Russian Hackers Target Microsoft Users

Microsoft 365 is under attack, China and Russia afflited hackers suspected. Updated December 23 with advice from a mobile security solutions expert regarding the Russian device code attacks targeting ...
IEEE

Blockchain-Enabled Distributed Authentication Mechanism for Industrial Device Access

Abstract: The secure access of numerous heterogeneous devices ensures the stability of the industrial Internet of Things. Centralized authentication can be overwhelmed by an influx of authentication ...
The Hacker News

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims' Microsoft 365 credentials and conduct account takeover ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
Bleeping Computer

WhatsApp device linking abused in account hijacking attacks

Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing. This type of attack does not require any authentication ...
The Hacker News

Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass

Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it observed ...