惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

酷 壳 – CoolShell
酷 壳 – CoolShell
aimingoo的专栏
aimingoo的专栏
Microsoft Security Blog
Microsoft Security Blog
NISL@THU
NISL@THU
T
Threatpost
T
The Exploit Database - CXSecurity.com
T
Threat Research - Cisco Blogs
S
Securelist
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
人人都是产品经理
人人都是产品经理
B
Blog RSS Feed
S
Secure Thoughts
MyScale Blog
MyScale Blog
O
OpenAI News
P
Palo Alto Networks Blog
美团技术团队
C
Cyber Attacks, Cyber Crime and Cyber Security
TaoSecurity Blog
TaoSecurity Blog
量子位
L
Lohrmann on Cybersecurity
G
GRAHAM CLULEY
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
Tailwind CSS Blog
Know Your Adversary
Know Your Adversary
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Simon Willison's Weblog
Simon Willison's Weblog
宝玉的分享
宝玉的分享
PCI Perspectives
PCI Perspectives
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tenable Blog
I
InfoQ
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Microsoft Azure Blog
Microsoft Azure Blog
Recent Announcements
Recent Announcements
S
Security @ Cisco Blogs
S
Schneier on Security
B
Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
The Cloudflare Blog
AWS News Blog
AWS News Blog
IT之家
IT之家
V
Vulnerabilities – Threatpost
The Hacker News
The Hacker News
H
Heimdal Security Blog
I
Intezer
A
Arctic Wolf
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
H
Help Net Security
W
WeLiveSecurity

Human Risk Management Blog

Trust, Verify, Protect: Modernizing Email Security for the Cloud Report: Social Engineering Remains a Central Part of AI-assisted Attacks ClickFix Social Engineering is Now the Leading Malware Delivery Method CyberheistNews Vol 16 #28 Your 2026 Phishing by Industry Benchmarks: The Findings on Human Risk Scammers Can Use AI Tools to Pinpoint Your Location Based on a Photo Report: Attackers Are Using AI to Automate Social Engineering Your KnowBe4 Fresh Compliance Plus Content Updates from June 2026 From Awareness to Digital Workforce Security Your KnowBe4 Fresh Content Updates from June 2026 Threat Actor Uses Phishing to Breach Orgs for Ransomware Gangs Invoice Phishing Attacks Are Abusing the Shop App Phishing Campaign Impersonates Interpol to Deliver Ransomware Prompt Injection and the Rise of Agentic Risk Hyper-Targeted Social Engineering Needs Real-Time Video Response Your Email is Protected. Is Your Teams Chat? CyberheistNews Vol 16 #27 [HOW TO] Your Cybersecurity Starts at Home on World Social Media Day 2026 Phishing by Industry Benchmarking Report: Findings on Human Risk Static DLP Is Leaving You in the Dark: Why It’s Time for Intelligent, Self-Serve Outbound DLP and Misdirected Content Analysis INC Ransomware Gang Targets the Legal Sector 5 Essential Cybersecurity Defenses for Cloud Email Security Cybercriminals Are Targeting the FIFA World Cup 2026 Why Bite-Sized Security Awareness Training Matters in an Age of TikTok and Digital Distraction Happy 3rd Birthday to Our KnowBe4 Community! Phishing Exposes Employee Data at 86% of Fortune 100 Companies Shadow AI Is Not Shadow IT With a Better Marketing Budget CyberheistNews Vol 16 #26 A New Extortion Scam Uses IT Impersonation to Breach Organizations Cybersecurity Starts At Home This World Social Media Day FTC Report: Americans Lost $3.5 Billion to Imposter Scams Last Year Report: Online Shoppers Increasingly Ignore Scam Warning Signs Security Training Needs Google Maps, Not Christopher Columbus Turn Account Takeover Into Real-Time Security Coaching Extortion Gang Sends In-Person Attackers to Exfiltrate Data Attackers aren’t loyal to any collaboration channel CyberheistNews Vol 16 #25 [The AI Tell] How To Expose Machine-Written Phishing Fast Social Engineering Attacks Abuse Workplace Collaboration Tools New Extortion Brand Uses IT Impersonation to Breach Organizations APWG Report: Social Media Phishing is Surging Cybersecurity Awareness Training for AI: Key Focus Areas Americans Lost $900 Million to AI-Powered Scams Last Year What AI Can’t Hide When It Writes a Phishing Email Your AI Agents Are Eager to Please And Easy to Exploit From 1% to 26%: How AIDA Orchestration Fixes the Remedial Training Gap Best AI Agent Security Tools for SMB and Enterprise in 2026 4 Hot Summer Travel Tips To Avoid Scams CyberheistNews Vol 16 #24 [FBI Alert] Lock Down Your Microsoft 365 Device Code Flows Now The Role of Agentic AI in Phishing Security Training A Credit Score for Cyber Behavior Agentic AI Security in 2026: What to Know How to Secure AI Agents: 4 Best Practices An Overview of Email Compliance Regulations and Reporting Report: AI-Assisted Fraud is Surging Attackers Use Spoofed ChatGPT Site to Deliver Malware I Love Device-Bound Session Credentials, But They Are Still Phishable and Hackable Nearly Two-Thirds of CEOs Cite Cyberattacks as Their Top Concern A Look at Spam vs. Phishing: 4 Key Differences KnowBe4 Wins Multiple 2026 TrustRadius Top Rated Awards Cyber Insurance for Mid‑Market Organizations in Southeast Asia KnowBe4 Earns Multiple 2026 Buyer's Choice Awards from TrustRadius The New Frontier: Securing Japan’s Hybrid Digital Workforce (2026 & Beyond) CyberheistNews Vol 16 #23 Now Phishing Attacks Use Real Hotel Reservations to Target Travelers Report: AI-Enabled Social Engineering Attacks Are on the Rise Your KnowBe4 Fresh Compliance Plus Content Updates from May 2026 FBI: Kali365 Phishing Kit is Targeting Microsoft 365 Accounts KB4-CON - AI Is Everything How to Secure AI Adoption In Your Organization Your KnowBe4 Fresh Content Updates from May 2026 The Silent Invitation: A Deep Dive into Calendar Invite Phishing Cyber Insurance for Mid‑Market Organizations in Southeast Asia Chinese-Language Phishing Kits Are Growing More Advanced Phishing Attacks Are Using Real Hotel Reservation Info to Target Travelers Warning: Scammers are Exploiting Geopolitical Unrest Athletes Are Increasingly Targeted by Social Engineering Attacks AI Agent Governance Part 3 - Runtime Governance: The Hidden Performance Cost of Agentic AI AI Agent Governance Part 2 - What Good Looks Like: Governing AI Agents in Practice 8 Ways to Reduce False Positives in Email Security Ransomware Attacks Drive a Surge in Cyber Insurance Claims My Favorite 5 KnowBe4 Agents Perry Carpenter KB4-CON 2026 Q&A: Deepfakes & Deception Free Gift Fallacy: How Attackers Harvest Credit Cards via Fake Surveys When Global Conflict Becomes a Cyber Weapon: How Iran Tensions and Other Stressful Events Fuel Social Engineering Attacks CyberheistNews Vol 16 #21 [Heads Up] GitHub Breach Shows Developer Tools Are Social Engineering Targets Alert: Extortion Groups Are Using Phishing Kits to Automate Their Attacks Beyond the Chatbot: Why Your AI Agents are Your Newest (and Most Vulnerable) Colleagues Report: Adversarial Use of AI is Evolving
Report: Device Code Phishing is Surging
KnowBe4 Team · 2026-06-26 · via Human Risk Management Blog

Multiple sophisticated phishing kits are now focusing on harvesting device codes to breach accounts without a password, according to researchers at LevelBlue.

Device code phishing exploits a legitimate Microsoft authentication flow to harvest Microsoft 365 access and refresh tokens without ever capturing a password,” the researchers explain. “The core mechanic is straightforward: whoever initiates the authentication request receives the resulting tokens. Once obtained, the tokens allow attackers to access Microsoft 365 services, maintain persistent access through refresh tokens, and conduct follow-on activities such as further reconnaissance, phishing, and data extraction.”

Top commodity phishing platforms, including Tycoon2FA, EvilTokens, Kali365, Ghost Hub, and Cyb3r, have incorporated this ability, allowing unskilled threat actors to launch device code phishing attacks.

“Tycoon2FA provides the clearest example of how phishing kits mature over time,” the researchers write. “What began in 2023 as a straightforward AiTM credential harvester evolved into one of the most sophisticated PhaaS platforms documented. Despite a coordinated Europol and Microsoft takedown in March 2026, Tycoon2FA resumed operations within weeks, now with device code flow capability layered on top of its existing AiTM infrastructure. EvilTokens and Kali365 follow a similar trajectory, launching in early 2026 with AI-augmented capabilities already integrated and continuing to improve their functionality since launch. Kits that survive their first year tend to become significantly more dangerous in their second.”

The researchers expect commodity phishing kits to continue incorporating new techniques in order to overcome defenses.

“Device code flow phishing is accelerating rapidly and shows no signs of slowing,” LevelBlue concludes. “What began as a relatively simple lure has evolved into a sophisticated process that is now easily accessible to threat actors. The affiliate programs offered by PaaS platforms further lower the barrier, enabling both experienced operators and less-skilled actors to launch targeted and opportunistic campaigns against organizations.”

LevelBlue has the story: The Device Code Phishing Tsunami: What We’re Seeing in the Wild