A large-scale AI-powered phishing campaign is exploiting Microsoft's device code authentication flow (OAuth Device Code Grant) to bypass multi-factor authentication and compromise Azure/Microsoft 365 accounts. Attackers use AI to generate unique, personalized phishing lures for each target and host the malicious infrastructure on legitimate platform-as-a-service (PaaS) providers such as Railway. The article does not provide a CVE, CVSS score, or specific affected/fixed software versions, as this is an abuse of a legitimate feature rather than a patchable software vulnerability.
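A defender-side check for the device code abuse described above, added here as an example (it is not from the article or the linked research): it flags successful device code sign-ins that are a user's first or that come from an IP address outside that user's baseline. The field names, the `expected_users` allowlist and every sample record are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events. Field names are modelled on Microsoft Entra ID
# sign-in log exports (assumption: adapt them to your own schema).
SAMPLE_SIGNINS = [
    {"createdDateTime": "2026-04-01T08:02:11Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "192.0.2.10", "authenticationProtocol": "oAuth2", "errorCode": 0},
    {"createdDateTime": "2026-04-01T09:15:40Z", "userPrincipalName": "kiosk@example.com",
     "ipAddress": "192.0.2.50", "authenticationProtocol": "deviceCode", "errorCode": 0},
    {"createdDateTime": "2026-04-02T13:44:03Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.77", "authenticationProtocol": "deviceCode", "errorCode": 0},
    {"createdDateTime": "2026-04-02T13:50:19Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "198.51.100.5", "authenticationProtocol": "deviceCode", "errorCode": 1},
    {"createdDateTime": "2026-04-03T10:00:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "192.0.2.10", "authenticationProtocol": "deviceCode", "errorCode": 0},
]

def find_unexpected_device_code_signins(events, expected_users=frozenset()):
    """Return successful device code sign-ins that break a user's baseline."""
    known_ips = defaultdict(set)   # user -> IPs of earlier unflagged sign-ins
    seen_device_code = set()       # users who already completed a device code sign-in
    findings = []
    for ev in sorted(events, key=lambda e: e["createdDateTime"]):
        if ev["errorCode"] != 0:   # non-zero: sign-in did not complete, no tokens issued
            continue
        user, ip = ev["userPrincipalName"].lower(), ev["ipAddress"]
        flagged = False
        if ev["authenticationProtocol"] == "deviceCode" and user not in expected_users:
            reasons = []
            if user not in seen_device_code:
                reasons.append("first device code sign-in for this user")
            if ip not in known_ips[user]:
                reasons.append("IP address absent from the user's earlier sign-ins")
            if reasons:
                findings.append({"time": ev["createdDateTime"], "user": user,
                                 "ip": ip, "reasons": reasons})
                flagged = True
            seen_device_code.add(user)
        if not flagged:            # keep flagged IPs out of the baseline
            known_ips[user].add(ip)
    return findings

if __name__ == "__main__":
    for f in find_unexpected_device_code_signins(SAMPLE_SIGNINS, {"kiosk@example.com"}):
        print(f["time"], f["user"], f["ip"], "; ".join(f["reasons"]))
```

Accounts that legitimately use the device code flow (shared kiosks, input-constrained devices) go in `expected_users`; everyone else should rarely, if ever, appear in the output.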
https://www.huntress.com/blog/railway-paas-m365-token-replay-campaign