Microsoft-tracked threat actor first observed using device code phishing against M365 in early 2025
1 story