Recent findings from cybersecurity researchers highlight a significant device code phishing campaign affecting more than 340 organizations utilizing Microsoft 365 in the U.S., Canada, Australia, New Zealand, and Germany. The campaign, which was first detected on February 19, 2026, has rapidly escalated, exploiting OAuth's device code flow to deceive users into granting malicious applications access to their accounts. This technique leverages the trust associated with legitimate OAuth flows, making it challenging for end-users to identify the malicious intent behind the requests.

For businesses, the implications of this campaign are profound, emphasizing the necessity for enhanced security measures, including user education on recognizing phishing attempts and the implementation of multi-factor authentication (MFA) to fortify account security. Organizations must also review their OAuth application permissions and ensure that only trusted applications are granted access to sensitive data. This incident underscores the evolving tactics employed by cybercriminals, making it imperative for businesses to remain vigilant against such threats, especially as reliance on cloud-based services continues to grow. Addressing these vulnerabilities is crucial not only for protecting organizational assets but also for maintaining trust in the security of cloud technologies in the broader context of cybersecurity and AI advancements.
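
One way to check a tenant for the device code flow described above, as an added example that is not from the original report: it scans exported sign-in records for device code authentications and lists the accounts involved, successful sign-ins first. The field names follow the Microsoft Graph signIn resource and are an assumption about the export format; the records, the allowlist and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample records (not real data), one JSON object per line.
# Field names follow the Microsoft Graph signIn resource (assumed export format).
SAMPLE_SIGNINS = """
{"createdDateTime":"2026-02-19T09:14:02Z","userPrincipalName":"dana@example.com","appDisplayName":"Microsoft Office","ipAddress":"198.51.100.23","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2026-02-19T09:20:41Z","userPrincipalName":"bob@example.com","appDisplayName":"Outlook","ipAddress":"203.0.113.8","authenticationProtocol":"oAuth2","status":{"errorCode":0}}
{"createdDateTime":"2026-02-19T10:02:17Z","userPrincipalName":"aaron@example.com","appDisplayName":"Microsoft Office","ipAddress":"198.51.100.23","authenticationProtocol":"deviceCode","status":{"errorCode":1}}
{"createdDateTime":"2026-02-19T10:30:00Z","userPrincipalName":"meetingroom1@example.com","appDisplayName":"Microsoft Teams","ipAddress":"192.0.2.50","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2026-02-19T11:45:09Z","userPrincipalName":"Dana@example.com","appDisplayName":"Microsoft Office","ipAddress":"198.51.100.77","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
"""

# Hypothetical allowlist: accounts expected to use device code (e.g. shared room devices).
EXPECTED_DEVICE_CODE_USERS = {"meetingroom1@example.com"}

def load_signins(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_device_code_signins(records, allowlist=EXPECTED_DEVICE_CODE_USERS):
    """Group device code sign-ins by user, skipping allowlisted accounts."""
    hits = defaultdict(list)
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode":
            continue
        upn = r.get("userPrincipalName", "").lower()
        if upn in allowlist:
            continue
        hits[upn].append({
            "time": r.get("createdDateTime"),
            "app": r.get("appDisplayName"),
            "ip": r.get("ipAddress"),
            "succeeded": r.get("status", {}).get("errorCode") == 0,  # 0 = success
        })
    return dict(hits)

def triage(hits):
    """Order users so those with a successful device code sign-in come first."""
    return sorted(hits, key=lambda u: (not any(e["succeeded"] for e in hits[u]), u))

if __name__ == "__main__":
    hits = find_device_code_signins(load_signins(SAMPLE_SIGNINS))
    for user in triage(hits):
        for e in hits[user]:
            state = "SUCCESS" if e["succeeded"] else "failed"
            print(f"{user}\t{e['time']}\t{e['app']}\t{e['ip']}\t{state}")
```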

---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/03/device-code-phishing-hits-340-microsoft.html)*