Attackers are abusing Microsoft's legitimate Device Authorization Grant (OAuth 2.0 Device Code Flow) to conduct phishing attacks that bypass traditional URL-based anti-phishing defenses. By pre-fetching a device code from Microsoft's identity platform and tricking victims into entering it on the genuine login.microsoftonline.com page, attackers harvest access and refresh tokens that grant persistent access to the victim's Microsoft 365 account. Two campaign variants were observed: one using password-protected PDF attachments impersonating a law firm, and another targeting Brazilian users via open redirects on cacoo.com.
Token Theft and AI Poisoning Redefine the Perimeter
Attackers are shifting from breaking passwords to stealing active login sessions, bypassing multi-factor authentication entirely. This week, ARToken and ConsentFix exploited Microsoft 365 OAuth flows to hijack accounts, while Anubis ransomware used the ongoing CitrixBleed 2 vulnerability to steal session tokens from network gateways. Even a standard user can become a Global Administrator in minutes if identity settings are loose, as demonstrated by a recent M365 privilege escalation analysis.
Simultaneously, artificial intelligence systems have evolved from helper tools to critical vulnerabilities, serving as both the weapon and the target. Threat actors are using AI to generate malware like InfernoGrabber v9.0 and BusySnake Stealer, while also poisoning AI agent ecosystems with malicious skills like OpenClaw and tricking AI models into executing financial fraud via indirect prompt injection. The AI arms race has accelerated breakout times to under 30 minutes, with state-sponsored groups like GTG-1002 now orchestrating entire espionage campaigns via AI.
Defenders must immediately audit identity and session controls, treating session tokens as highly sensitive credentials. Security teams should also implement guardrails for AI agents, verifying external URLs and restricting autonomous financial or code execution actions.
This threat intelligence report highlights recent data breaches involving third-party vendors, emerging AI threat vectors such as prompt injection and WebSocket abuse, and active exploitation of critical vulnerabilities in Fortinet, Cisco, and Splunk products. Additionally, seasonal phishing campaigns targeting travelers and Amazon Prime members are surging alongside a cross-platform Rust-based crypto clipboard hijacker.
In response to the ongoing Mini Shai-Hulud supply chain campaign, npm has invalidated all granular access tokens that bypass two-factor authentication. The threat actors have been harvesting credentials from CI/CD environments to automate the publishing of malicious package versions, successfully bypassing existing controls like OIDC Trusted Publishing. To provide a more robust defense, npm has introduced an opt-in Staged Publishing feature that requires interactive MFA approval for automated releases.
ROADtools is an open-source Python framework designed for Entra ID exploration that has been co-opted by nation-state threat actors like APT29 and APT33. Attackers leverage its modules to conduct extensive directory reconnaissance, register rogue devices for persistence, and manipulate OAuth tokens to bypass interactive authentication controls such as MFA. Detection relies on identifying anomalous Microsoft Graph API queries, unusual user-agent strings, and default device registration artifacts.
A large-scale Adversary-in-the-Middle (AiTM) phishing campaign targeted over 35,000 users using sophisticated 'code of conduct' lures. The attack chain leveraged legitimate email services, PDF attachments, and multiple CAPTCHA gates to evade detection, ultimately proxying Microsoft 365 authentication sessions to steal tokens and bypass standard MFA.
Threat actors are increasingly targeting Kubernetes environments by exploiting vulnerabilities like React2Shell and misconfigurations to steal service account tokens. These stolen identities are then used to escalate privileges and move laterally into backend cloud infrastructure, leading to severe impacts such as cryptocurrency theft.
EvilTokens is an advanced Phishing-as-a-Service (PhaaS) platform that automates Business Email Compromise (BEC) attacks via Microsoft device code phishing. It uniquely integrates AI models to automatically analyze compromised mailboxes, identify financial targets, and generate context-aware BEC lures, significantly reducing the time and skill required for threat actors to monetize compromised accounts.
Threat actors are increasingly utilizing OAuth Device Code phishing to compromise Microsoft 365 accounts. By tricking victims into entering a verification code on the legitimate Microsoft device login page, attackers can obtain OAuth access and refresh tokens without ever harvesting the user's credentials. This technique bypasses traditional phishing defenses by operating over encrypted channels and legitimate Microsoft infrastructure.
AI Rush Opens New Attack Paths as Trusted Cloud Services Fuel Phishing
The rush to adopt artificial intelligence is giving attackers two new advantages: convincing lures to trick users and poorly secured infrastructure to exploit. This week, multiple campaigns used fake websites for the Claude AI assistant to infect victims with password-stealing malware, while researchers revealed that commercial robots and AI connection protocols contain critical flaws that let hackers hijack them. Because organizations are deploying AI tools faster than they can secure them, attackers are finding easy entry points into corporate networks.
In parallel, phishing campaigns are increasingly hijacking trusted cloud services like Amazon's email platform and Vercel's AI-powered website builder to send messages that bypass security filters entirely. A massive campaign targeting US employees used fake HR reviews to steal login sessions even when multi-factor authentication was enabled, and the breach of the Canvas learning platform exposed data on 275 million people that can now be used for highly convincing follow-up scams. These trends together suggest that traditional defenses are losing effectiveness because attackers are hiding inside the systems we already trust.
Organizations should immediately patch the actively exploited Palo Alto Networks and Ivanti vulnerabilities flagged by CISA this week, require phishing-resistant authentication methods, and treat every AI tool and robot connected to their network as a high-risk device that needs strict monitoring.