By Aminu Abdullahi
Publication Date: 2026-03-26 18:25:00
More than 340 organizations across five countries have been caught in a sophisticated phishing campaign that weaponizes a trendy cloud platform designed for non-coders.
Over the past several weeks, a phishing campaign targeting Microsoft 365 accounts has exploded across the United States, Canada, Australia, New Zealand, and Germany. Security firm Huntress first spotted suspicious activity on Feb. 19, with just a handful of cases. By March 2, the problem had turned into a full-blown crisis.
How the attack works: No password? no problem
This isn’t your average “click this link to reset your password” scam. Instead, it exploits a legitimate Microsoft feature called the OAuth device authorization flow. This was originally designed for devices that are hard to type on, like a smart TV or a printer.
The attacker generates a code and tricks a user into entering it on Microsoft’s official login page. Once the victim…
