{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreibdmwq6zhe2abo6pwfcanji3io2zdo37y7rtd4dj2vtvkq2stqguy",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3miiekihku752"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreifi63q4i3zu736bmynf5zm7aotideiqsno67p6cce2urqglu4fx5e"
    },
    "mimeType": "image/webp",
    "size": 52936
  },
  "path": "/eviltokens-turns-microsofts-device-code-flow-into-a-phishing-tool-for-account-takeover/",
  "publishedAt": "2026-04-01T10:11:52.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "EvilTokens turns Microsoft’s device code flow into a phishing tool for account takeover",
    "VPN Central"
  ],
  "textContent": "A new phishing-as-a-service platform called EvilTokens is helping cybercriminals hijack Microsoft 365 accounts by abusing Microsoft’s legitimate device code authentication flow. Sekoia says the kit began circulating in phishing-focused underground communities in early March 2026 and stands out because it does not need a fake Microsoft login page to steal credentials in the usual way. […]\n\nThe post EvilTokens turns Microsoft’s device code flow into a phishing tool for account takeover appeared first on VPN Central.",
  "title": "EvilTokens turns Microsoft’s device code flow into a phishing tool for account takeover"
}