> TritonInfoSec News
Home / Apr 05, 2026 / Story
0
#6 BleepingComputer general April 04, 2026 at 14:17 UTC

Device code phishing attacks surge 37x as new kits spread online

By Bill Toulas

AI Summary

Device code phishing attacks exploiting OAuth 2.0 Device Authorization Grant flow have surged 37 times this year as new attack kits spread online. These attacks abuse the legitimate device authorization process to hijack user accounts by tricking victims into entering codes on attacker-controlled devices. The dramatic increase indicates cybercriminals are rapidly adopting this technique to bypass traditional authentication protections.

Read full article → https://www.bleepingcomputer.com/news/security/dev…

Relevance score: 83.0/100

# More from April 05

  1. 1
    Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS The Hacker News
  2. 2
    36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants The Hacker News
  3. 3
    Axios npm hack used fake Teams error fix to hijack maintainer account BleepingComputer
  4. 4
    European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack SecurityWeek
  5. 5
    LinkedIn secretly scans for 6,000+ Chrome extensions, collects data BleepingComputer
  6. 7
    TrueConf Zero-Day Exploited in Asian Government Attacks SecurityWeek
  7. 8
    React2Shell Exploited in Large-Scale Credential Harvesting Campaign SecurityWeek
  8. 9
    New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images The Hacker News
  9. 10
    CERT-EU: European Commission hack exposes data of 30 EU entities BleepingComputer