OAuth
- EvilTokens: Device Code Phishing Hit 340+ M365 Orgs and a Password Reset Won't Fix It
A campaign targeting 340+ Microsoft 365 organisations across five countries is using the OAuth device code flow to harvest persistent access tokens. The critical detail: those tokens survive a password reset.