Abstract: IoT devices possess a radio-frequency fingerprint (RFF) due to inherent variations in manufacturing, making it device-specific and difficult to alter. This unique RFF, derived from RF ...

Tired of seeing its elementary-school children struggle with online temptations, the town of Greystones proposed a ‘no smart devices’ code. Most everyone bought in. The seaside town of Greystones, ...

Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, ...

Close-up on a woman controlling the temperature of her smart home using a mobile app on a digital tablet - Andresr/Getty Images Smart home devices are supposed to make residences more efficient, ...

Hackers are hijacking Microsoft enterprise accounts by abusing a legitimate device-code authentication feature, tricking victims into entering attacker-generated codes on Microsoft’s own login portal.

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access. Another device code phishing campaign that abuses OAuth ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Cybercriminals are launching a widespread wave of phishing attacks that bypass Multi-Factor Authentication (MFA) by exploiting a standard Microsoft 365 feature. Security researchers at Proofpoint warn ...

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...

Microsoft 365 is under attack, China and Russia afflited hackers suspected. Updated December 23 with advice from a mobile security solutions expert regarding the Russian device code attacks targeting ...

Since September 2025, a suspected Russia-aligned group known as UNK_AcademicFlare has executed a phishing campaign targeting Microsoft 365 credentials. The campaign mainly impacts entities in ...

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...