Portsuppe

When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website

Kaspersky Securelist·2h·Reputable

The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers. Today, threat actors are weaponizing it.

Categories cybersecurity · government-security · unknown-it-category-15
Original source / advisory
Published
7/6/2026, 9:00:43 AM
Fetched
7/6/2026, 9:19:32 AM
Trust
reputable · 80/100
Language
en