{"id":2122,"date":"2026-03-25T13:05:07","date_gmt":"2026-03-25T13:05:07","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/"},"modified":"2026-03-25T13:05:07","modified_gmt":"2026-03-25T13:05:07","slug":"device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/","title":{"rendered":"Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse"},"content":{"rendered":"<div>Cybersecurity researchers are calling attention to an active device code phishing campaign that&#8217;s targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany.<br \/>\nThe activity, per Huntress, was first spotted on February 19, 2026, with subsequent cases appearing at an accelerated pace since then. Notably, the campaign leverages<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers are calling attention to an active device code phishing campaign that&#8217;s targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on February 19, 2026, with subsequent cases appearing at an accelerated pace since then. Notably, the campaign [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[90],"tags":[91],"class_list":["post-2122","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"Cybersecurity researchers are calling attention to an active device code phishing campaign that&#8217;s targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on February 19, 2026, with subsequent cases appearing at an accelerated pace since then. Notably, the campaign [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-25T13:05:07+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse\",\"datePublished\":\"2026-03-25T13:05:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/\"},\"wordCount\":66,\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/\",\"name\":\"Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse - Imperative Business Ventures Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"datePublished\":\"2026-03-25T13:05:07+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/","og_locale":"en_US","og_type":"article","og_title":"Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse - Imperative Business Ventures Limited","og_description":"Cybersecurity researchers are calling attention to an active device code phishing campaign that&#8217;s targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on February 19, 2026, with subsequent cases appearing at an accelerated pace since then. Notably, the campaign [&hellip;]","og_url":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2026-03-25T13:05:07+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse","datePublished":"2026-03-25T13:05:07+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/"},"wordCount":66,"keywords":["Cybersecurity"],"articleSection":["Cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/","url":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/","name":"Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse - Imperative Business Ventures Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"datePublished":"2026-03-25T13:05:07+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/25\/device-code-phishing-hits-340-microsoft-365-orgs-across-five-countries-via-oauth-abuse\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/2122","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=2122"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/2122\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=2122"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=2122"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=2122"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}