CSO Online

EvilTokens abuses Microsoft device code flow for account takeovers

The phishing-as-a-service toolkit leverages legitimate authentication to capture tokens and access Microsoft 365 services.

Microsoft 365 Under Siege: Phishing Campaign Bypasses MFA Across 5 Countries

A global phishing campaign targeting Microsoft 365 bypasses security codes using a legitimate login feature, impacting ...
The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and ...
InfoWorld

Microsoft unveils code-sharing Web site

Microsoft is hoping to fire up a community of developers on a code-sharing forum the company has been testing since May but rolled out officially on Tuesday. The project, called CodePlex, is a forum ...

Microsoft updates VS Code with new themes and adjustable AI reasoning in version 1.113

VS Code 1.113 adds new themes, AI reasoning controls, and nested subagents, improving workflows and customization for ...