Redmondmag.com

Microsoft, RSA Make Dual Authentication Moves at RSAC 2026

Two of the bigger authentication announcements to come out of the RSA Conference this week both point in the same direction: organizations need a more flexible, unified approach to identity security, ...
The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and ...
Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

Once the OAuth app is connected to an account, threat actors can use the device_code to retrieve the targeted employee's refresh token, which can then be exchanged for access tokens. Those access ...
WinBuzzer

March Windows Update Breaks Microsoft Account Sign-ins

Microsoft has confirmed that the March KB5079473 update breaks Microsoft account sign-ins in Teams, OneDrive, Edge, and other ...