The Conversation

Receiving a login code via SMS and email isn’t secure. Here’s what to use instead

When it comes to personal cybersecurity, you might think you’re doing alright. Maybe you’ve got multi-factor authentication set up on your phone so that you have to enter a code sent to you by SMS ...
Windows Report

Tycoon2FA Returns With New Microsoft 365 Device-Code Phishing Attacks

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login flows.
Bleeping Computer

OAuth Device Code Phishing: Azure vs. Google Compared

Come along with me on a journey as we delve into the swirling, echoing madness of identity attacks. Today, I present a case study on how different implementations of OAuth 2.0, the core authentication ...