Device code phishing in 2026

#1740599: Device code phishing in 2026 - June 30, 2026

Description:	At the start of 2026, device code phishing was still a niche technique associated with Russian state-linked campaigns. Six months later, we’re tracking 18x kits in the wild, a 37x spike in detections, and it feels like every PhaaS vendor in the AiTM space has added device code phishing to their platform. What was an espionage-grade technique 18 months ago is now a criminal commodity. Device code phishing is the go-to for criminals in 2026 because it doesn’t matter what login controls you have deployed. Strong passwords, MFA, even passkeys: it sidesteps the standard login process altogether by targeting the authorization layer. This is effectively post-auth phishing. Once an attacker has a valid token, a single phished session can quickly escalate into broad access across an organization's connected apps and services. Join Luke Jennings, Push's VP of R&D, for a threat research-focused session that goes behind the scenes of device code phishing — with live demos, real examples from kits and campaigns in the wild, and a practical look at what security teams can do about it. We'll cover: Real examples from the most notable kits and campaigns Push is tracking in the wild Live demos of device code phishing from the attacker's side — across both Microsoft and non-Microsoft apps How AiTM kits and device code phishing are converging into multi-technique platforms Mitigation strategies, their practical limitations, and the gaps that remain The future of device code phishing — and why Microsoft targeting is just the beginning
More info:	https://pushsecurity.com/webinar/device-code-phishing?utm_source=bleeping-computer&utm_medium=sponsored-content&utm_term=ad

Description:

At the start of 2026, device code phishing was still a niche technique associated with Russian state-linked campaigns. Six months later, we’re tracking 18x kits in the wild, a 37x spike in detections, and it feels like every PhaaS vendor in the AiTM space has added device code phishing to their platform.

What was an espionage-grade technique 18 months ago is now a criminal commodity.

Device code phishing is the go-to for criminals in 2026 because it doesn’t matter what login controls you have deployed. Strong passwords, MFA, even passkeys: it sidesteps the standard login process altogether by targeting the authorization layer. This is effectively post-auth phishing.

Once an attacker has a valid token, a single phished session can quickly escalate into broad access across an organization's connected apps and services.

Join Luke Jennings, Push's VP of R&D, for a threat research-focused session that goes behind the scenes of device code phishing — with live demos, real examples from kits and campaigns in the wild, and a practical look at what security teams can do about it. We'll cover:

Real examples from the most notable kits and campaigns Push is tracking in the wild
Live demos of device code phishing from the attacker's side — across both Microsoft and non-Microsoft apps
How AiTM kits and device code phishing are converging into multi-technique platforms
Mitigation strategies, their practical limitations, and the gaps that remain
The future of device code phishing — and why Microsoft targeting is just the beginning

More info:

https://pushsecurity.com/webinar/device-code-phishing?utm_source=bleeping-computer&utm_medium=sponsored-content&utm_term=ad

Date added	June 6, 2026, 2:38 p.m.
Source	pushsecurity
Subjects	. APTs - Advanced Persistent Threats - New Reports in . APTs - Russia - New Reports in Phishing Alerts - Non-Banking PodCasts / Webcast / Webinar / eSummit / Virtual Event etc.
Venue	June 30, 2026, midnight - June 30, 2026, midnight