NEUEvilTokens: Phishing-as-a-Service Bypasses Two-Factor Authentication on Microsoft 36517. June 2026CybersecurityShare on:EvilTokens exploits OAuth 2.0 device flows to compromise 2FA-protected Microsoft 365 accounts by tricking users into authorizing devices. Share on:
