OAuth

EvilTokens Phishing Service Bypasses MFA at 340+ Microsoft 365 Organizations

A $500/month subscription service has weaponized OAuth device code flows, rendering enterprise multi-factor authentication ineffective against credential theft.