Security News

Cybersecurity news aggregator

HIGH Attacks Help Net Security

AI-enabled device code phishing campaign exploits OAuth flow for account takeover

A novel phishing campaign uses AI-assisted automation to exploit the OAuth Device Code Authentication flow, bypassing the standard 15-minute code expiration window to enable large-scale account takeover. The attack leverages dynamic code generation and automated infrastructure to compromise organizational accounts. No specific CVSS score, affected versions, fixed versions, or workarounds are provided in the source article.

A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code Authentication flow to compromise organizational accounts at scale, has been observed by the Microsoft Defender Security Research team. The campaign uses AI-assisted infrastructure and end-to-end automation.

Attack overview

Device Code Authentication is a legitimate OAuth flow designed for devices that cannot support a standard interactive login. In this model, a code is presented on …

The post AI-enabled device code phishing campaign exploits OAuth flow for account takeover appeared first on Help Net Security.
