The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

GitHub traced the breach to a malicious version of a Visual Studio Code extension, underscoring the threat of hackers ...

TeamPCP exfiltrated 3,800 internal GitHub repositories after poisoning a VS Code extension. No customer data was affected, the company says.

The Microsoft Defender Security Research Team has confirmed that a pervasive new authentication code attack is compromising hundreds of organizations daily.

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login flows.

A GitHub employee has unwittingly allowed 3,800 internal repositories to be breached after a device compromise with a ...

Overlooked attack method used since last August in a rash of account takeovers. Well, this sucks. But the target list makes sense, from the perspective of an enemy attacking. Ed: trying to be sure the ...

GitHub has confirmed a cyberattack after a threat actor claimed to be selling stolen company data. The breach involved ...

Multiple Russian nation-state actors are targeting sensitive Microsoft 365 accounts via device code authentication phishing, a new analysis by Volexity has revealed. The firm first observed this ...