{"id":214522,"date":"2026-02-17T10:05:00","date_gmt":"2026-02-17T15:05:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/17\/cyberheistnews-vol-16-07-uncovering-the-sophisticated-phishing-campaign-bypassing-m365-mfa\/"},"modified":"2026-02-17T11:15:10","modified_gmt":"2026-02-17T16:15:10","slug":"cyberheistnews-vol-16-07-uncovering-the-sophisticated-phishing-campaign-bypassing-m365-mfa","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/17\/cyberheistnews-vol-16-07-uncovering-the-sophisticated-phishing-campaign-bypassing-m365-mfa\/","title":{"rendered":"CyberheistNews Vol 16 #07 Uncovering the Sophisticated Phishing Campaign Bypassing M365 MFA"},"content":{"rendered":"

CyberheistNews Vol 16 #07 Uncovering the Sophisticated Phishing Campaign Bypassing M365 MFA<\/a><\/p>\n

https:\/\/blog.knowbe4.com\/cyberheistnews-vol-16-07-uncovering-the-sophisticated-phishing-campaign-bypassing-m365-mfa<\/a><\/p>\n

Publish Date: 2026-02-17 10:05:00<\/a><\/p>\n

Source Domain: blog.knowbe4.com<\/a><\/p>\n

<\/span><\/span>
\nCyberheistNews Vol 16 #07\u00a0 | \u00a0 February 17th, 2026
\n<\/span><\/span><\/p>\n

Uncovering the Sophisticated Phishing Campaign Bypassing M365 MFA<\/span><\/p>\n

KnowBe4 Threat Labs has detected a sophisticated phishing campaign targeting North American businesses and professionals. This attack compromises Microsoft 365 accounts (Outlook, Teams, OneDrive) by abusing the OAuth 2.0 Device Authorization Grant flow, bypassing strong passwords and Multi-Factor Authentication (MFA).<\/p>\n

The victim is directed to a legitimate Microsoft domain to enter an attack supplied device code. This action authenticates the victim and issues a valid OAuth access token to the attacker’s application. The real-time theft of these tokens grants the attacker persistent access to the victim’s Microsoft 365 accounts and corporate data.<\/p>\n

Key Takeaways: Campaign at a Glance<\/p>\n