Bleeping Computer

Microsoft 365 accounts targeted in wave of OAuth phishing attacks

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. Attackers trick victims into entering a device code on ...
Windows Report

Beware! Hackers Are Exploiting OAuth Device Code to Scam Microsoft 365 Users

Hackers are abusing a legitimate Microsoft authentication feature to break into enterprise Microsoft 365 accounts, even when multifactor authentication is enabled. Security researchers warn that ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
GitHub

Entra ID SPA and API Code Sample

An OAuth code sample that adapts the updated SPA and API code sample to use Microsoft Entra ID. The goal is to demonstrate code portability, where these features work the same regardless of the ...
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
TechRadar

State actors are abusing OAuth device codes to get full M365 account access - here's what ...

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Proofpoint reports phishing surge abusing Microsoft OAuth 2.0 device code flow Victims enter ...
gadgets360

Microsoft 365 Accounts Reportedly Breached After Hackers Exploit Legitimate Microsoft OAuth ...

Attackers trick users into approving access on real Microsoft pages OAuth device code phishing surged sharply since September 2025 Both cybercriminals and state-linked actors reportedly use this ...
GitHub

TypeScript OAuth2.0 Server

@jmondi/oauth2-server is a standards compliant implementation of an OAuth 2.0 authorization server for Node, written in TypeScript. The server uses two endpoints, GET /authorize and POST /token. The ...
NPR

Code Switch

December 31, 2025 • A few years back, many politicians were raising the alarm about the dangers of "CRT" in schools. Today, the new risk to public education is "DEI." What do both of these moments ...
NPR

Code Switch

What's CODE SWITCH? It's the fearless conversations about race that you've been waiting for. Hosted by journalists of color, our podcast tackles the subject of race with empathy and humor. We explore ...

笑死!xAI员工竟用Claude写代码?这回Anthropic反手拔了马斯克的网线

【新智元导读】一封内部信揭开了AI巨头们之间最尴尬的秘密。 2026年1月8日,一则消息在社交媒体上炸开了锅。 根据内部Slack泄露的消息,xAI联合创始人Tony Wu向全体员工发布了一则紧急通知: 各位同事,相信很多人已经发现,Cursor中的Claude(Anthropic)模型已无法响应。据Cursor反馈,这是Anthropic针对所有主要竞争对手实施的新政策。 这既是坏消息,也是好消 ...

倒逼自研:xAI 员工用 Claude 写代码,Anthropic 反手拔了马斯克的网线

这意味着什么? 马斯克的 AI 公司 xAI,其内部工程师竟然长期依赖竞争对手 Anthropic 的 Claude 模型来写代码。 更讽刺的是,这种依赖是通过第三方编程工具 Cursor 实现的。 而现在,Anthropic 一刀切断了这条暗线。消息一出,AI 圈一片哗然。而且,Claude 不仅切断了 xAI 的供给,它还切断了 opencode 等第三方的访问。