Hundreds compromised daily in Microsoft device code phishes
A large-scale Microsoft device-code phishing campaign has been compromising hundreds of organizations daily since mid-March 2026. Attackers use AI to craft hyper-personalized emails, automate redirect chains through trusted platforms like Cloudflare Workers and AWS Lambda, and exploit OAuth 2.0 device code authentication to bypass MFA. The key innovation is dynamic device code generation at the final redirect stage, extending the 15-minute validity window and increasing success rates. Post-compromise activity focuses on financial data exfiltration, inbox rule creation, and device registration for persistent access. Mitigation includes blocking device code flow via Conditional Access policies where not needed and employee phishing awareness training.
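The post-compromise pattern described above (device-code sign-in followed by inbox rule creation or device registration) can be hunted for in sign-in and audit logs. The Python below is an added example, not part of the original article: the flattened event schema, the sample records, the one-hour window and the audit operation names matched are constructed assumptions to map onto your own log export, while `deviceCode` is the authentication protocol value that Entra ID sign-in logs record for this flow.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, flattened schema (assumption).
EVENTS = [
    {"time": "2026-03-20T09:00:00", "user": "alice@example.com", "type": "signin",
     "protocol": "deviceCode", "ip": "203.0.113.7"},
    {"time": "2026-03-20T09:04:00", "user": "alice@example.com", "type": "audit",
     "operation": "New-InboxRule"},
    {"time": "2026-03-20T09:10:00", "user": "alice@example.com", "type": "audit",
     "operation": "Register device"},
    {"time": "2026-03-20T10:00:00", "user": "bob@example.com", "type": "signin",
     "protocol": "oAuth2", "ip": "198.51.100.4"},
    {"time": "2026-03-20T10:05:00", "user": "bob@example.com", "type": "audit",
     "operation": "New-InboxRule"},
    {"time": "2026-03-20T11:00:00", "user": "carol@example.com", "type": "signin",
     "protocol": "deviceCode", "ip": "192.0.2.9"},
]

# Post-compromise actions named in the article; operation strings are assumptions.
FOLLOW_UP_OPS = {"New-InboxRule", "Register device"}
WINDOW = timedelta(hours=1)  # assumed correlation window


def correlate(events, window=WINDOW):
    """One finding per device-code sign-in, listing follow-up actions by the
    same user inside the window. Follow-ups raise severity to 'high'."""
    parsed = sorted(
        ({**e, "ts": datetime.fromisoformat(e["time"])} for e in events),
        key=lambda e: e["ts"],
    )
    findings = []
    for e in parsed:
        if e["type"] != "signin" or e.get("protocol") != "deviceCode":
            continue
        follow = [
            a["operation"] for a in parsed
            if a["type"] == "audit" and a["user"] == e["user"]
            and a.get("operation") in FOLLOW_UP_OPS
            and timedelta(0) <= a["ts"] - e["ts"] <= window
        ]
        findings.append({"user": e["user"], "ip": e["ip"], "time": e["time"],
                         "follow_up": follow,
                         "severity": "high" if follow else "review"})
    return findings


if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

A device-code sign-in with no follow-up is still returned as `review`, since in tenants where the flow is not needed any such sign-in is worth checking before it is blocked with Conditional Access.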