No Fake Login, No Password Theft: Phishing 2026 Operates in a Completely New Way

Summary of the campaign Recently, a phishing campaign using the OAuth Device Code Flow (automated by the EvilTokens tool) was recorded, targeting over 340 organizations using Microsoft 365. This allow