One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.
This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- AI Goes on Offense: How LLMs Are Redefining the Cybercrime Landscape
June 26, 2025
In their last blog, Rapid7 explored the broader rise of AI-enabled threats across ransomware, phishing, and nation-state operations. Now, they’re narrowing in on a specific piece of that evolution: how cybercriminals are using large language models to scale and automate their tactics. AI in cybersecurity is no longer experimental. It’s embedded in workflows, transforming everything from ...
- US, French authorities confirm arrest of BreachForums hackers
June 26, 2025
U.S. and French authorities have confirmed the arrests of five hackers accused of being behind several major hacks and being part of a notorious cybercrime forum. On Thursday, the U.S. Department of Justice announced the indictment of British national Kai West, 25, accusing him of being “a serial hacker” known as IntelBroker. U.S. authorities allege West ...
- Cisco Releases Security Advisory Affecting Cisco Identity Service Engine
June 26, 2025
Cisco has released a security advisory addressing two vulnerabilities, affecting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) . CVE-2025-20281 Cisco ISE API Unauthenticated Remote Code Execution Vulnerability CVE-2025-20281 is an ‘API unauthenticated remote code execution’ vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow a remote, unauthenticated attacker to ...
- Windows users warned of new ClickFlix-style social engineering attack
June 26, 2025
A new version of popular social engineering tool ClickFix has been developed, potentially putting Windows users at risk. A cybersecurity researcher who goes by the name mr. dox has developed a new version of ClickFix, a browser-based attack often disguised as captchas to trick victims into pressing a button which then copies a command to Windows ...
- Jailbroken AIs are helping cybercriminals to hone their craft
June 26, 2025
Cybercriminals are bypassing the guardrails that are supposed to keep AI models from carrying out criminal activities, according to researchers. We’ve seen the misuse of AI models by cybercriminals growing rapidly over the past several years, shaping a new era of digital threats. Early on, attackers focused on jailbreaking public AI chatbots, which meant they used ...
- Active Exploitation of Zero-Day Vulnerability CVE-2025-6543 in NetScaler ADC and NetScaler Gateway
June 26, 2025
Citrix has released a critical security bulletin addressing a vulnerability affecting NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Citrix NetScaler is an all-in-one load balancer, web application firewall (WAF), virtual private network (VPN) gateway and SSL offloading tool for web applications. CVE-2025-6543 is a ‘memory overflow’ vulnerability with a CVSSv4 base score of ...

