Threats Tagged 'microsoft entra id'
View all threats tagged with 'microsoft entra id'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'microsoft entra id'
Click on any threat for detailed analysis and mitigation recommendations
Abusing OAuth Device Code Flow 0 In early 2026, phishing attacks remain a top threat vector in security operations. This analysis covers a novel attack method exploiting Microsoft's OAuth 2.0 Device Authorization Grant (Device Code Flow) to compromise user accounts. Attackers use phishing emails containing Mailchimp's Mandrill service links to bypass security controls, leading victims to fake Adobe-themed websites. The sites abuse legitimate Microsoft authentication mechanisms to obtain access and refresh tokens, granting persistent delegated access to critical resources like Graph API, Teams, Outlook, and SharePoint. The technique leverages shared client IDs across tenants and family of client IDs (FOCI) for lateral movement. Two variants exist: one using external phishing infrastructure with dynamic code generation, and another relying solely on fake meeting invitations containing pre-generated device codes. The attack is particularly effective as it uses legitimate Microsoft services, making detection challenging. Join the discussion | AlienVault OTX General | 04/20/2026, 20:30:02 UTC Added: 04/21/2026, 09:31:05 UTC |
Showing 1 to 1 of 1 result