Hackers target Microsoft Entra accounts in device code vishing attacks
Bleeping Computer
by Bill ToulasFebruary 19, 2026
Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts.
Verticals
securitytech
Originally published on Bleeping Computer on 2/19/2026