device-code-phishing
Attackers use device code vishing to take over Microsoft Entra accounts
Threat actors used device code phishing and vishing to abuse the OAuth 2.0 device flow and compromise Microsoft Entra accounts. The attacks use legitimate OAuth client IDs to obtain refresh tokens and access connected SSO applications.

