Hackers Abuse Microsoft's OAuth Mechanism to Bypass MFA

DoNews
Dec 23, 2025

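On December 22, 2025, tech media reported that hackers are abusing Microsoft's legitimate OAuth 2.0 device authorization flow to bypass multi-factor authentication (MFA) and take over enterprise Microsoft 365 accounts. Attackers forge verification requests and trick users into entering an attacker-supplied device code on their phone, thereby obtaining access tokens and control of the account. These phishing campaigns have been active since September 2025, use toolkits such as SquarePhish2 and Graphish, and because they take place on legitimate Microsoft domains, traditional detection methods struggle to identify them. Security organizations...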
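An added example, not part of the original report: a hunt over exported sign-in records for device code flow authentications that fall outside an allowlist, plus a check for one source IP appearing across several users. The field names are assumed to follow Microsoft Entra sign-in log exports; the allowlist, app IDs, users, IPs and error values are constructed.

```python
import json
from collections import defaultdict

# Constructed sample records (JSON lines); all values are made up.
SAMPLE_LOG = """\
{"createdDateTime":"2025-12-01T08:02:11Z","userPrincipalName":"alice@example.com","appId":"app-mail","authenticationProtocol":"none","ipAddress":"198.51.100.10","status":{"errorCode":0}}
{"createdDateTime":"2025-12-01T08:05:40Z","userPrincipalName":"Alice@example.com","appId":"app-cli","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.77","status":{"errorCode":0}}
{"createdDateTime":"2025-12-01T09:00:00Z","userPrincipalName":"room-display@example.com","appId":"app-signage","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.20","status":{"errorCode":0}}
{"createdDateTime":"2025-12-01T09:30:00Z","userPrincipalName":"bob@example.com","appId":"app-cli","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.77","status":{"errorCode":1}}
not-json garbage line
"""

# Hypothetical allowlist of (user, appId) pairs where device code flow is expected.
EXPECTED = {("room-display@example.com", "app-signage")}

def find_device_code_signins(log_text, expected=EXPECTED):
    """Return device code sign-ins that are not on the allowlist."""
    findings = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the hunt
        if not isinstance(ev, dict) or ev.get("authenticationProtocol") != "deviceCode":
            continue
        user = str(ev.get("userPrincipalName", "")).lower()
        if (user, ev.get("appId")) in expected:
            continue
        # Assumption: errorCode 0 marks a successful sign-in, nonzero a failure.
        issued = (ev.get("status") or {}).get("errorCode") == 0
        findings.append({"time": ev.get("createdDateTime"), "user": user,
                         "ip": ev.get("ipAddress"),
                         "result": "token_issued" if issued else "failed"})
    return findings

def ips_seen_for_multiple_users(findings):
    """Source IPs tied to device code sign-ins for more than one user."""
    users_by_ip = defaultdict(set)
    for f in findings:
        users_by_ip[f["ip"]].add(f["user"])
    return {ip: sorted(u) for ip, u in users_by_ip.items() if len(u) > 1}

if __name__ == "__main__":
    hits = find_device_code_signins(SAMPLE_LOG)
    for h in hits:
        print(h)
    print(ips_seen_for_multiple_users(hits))
```

Because the flow runs on legitimate Microsoft domains, the allowlist of accounts and apps that genuinely need device code sign-in is what makes the remaining hits worth reviewing.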
