Cybersecurity researchers have identified a widespread phishing campaign targeting hundreds of Microsoft 365 organizations across five countries by exploiting OAuth device authorization flows. This sophisticated attack tricks users into entering legitimate device codes on authentic Microsoft login pages, allowing hackers to bypass multi-factor authentication and maintain access even after password resets. The operation utilizes a diverse range of lures, such as fake DocuSign notifications and construction bids, while leveraging Cloudflare Workers and Railway infrastructure to host malicious redirect chains. These attacks are linked to a new phishing-as-a-service platform called EvilTokens, which provides automated tools for credential harvesting and spam filter evasion. To remain undetected, the landing pages employ anti-analysis techniques that disable developer tools and block browser-based inspections. Experts recommend that organizations monitor sign-in logs for specific IP addresses and revoke OAuth refresh tokens to mitigate the threat.

OpenAI has introduced Codex Security, an AI-driven application security agent designed to identify and repair complex software vulnerabilities. Unlike traditional tools that often produce excessive false positives, this system uses advanced reasoning and project-specific context to prioritize high-impact risks. The platform functions by creating tailored threat models and validating potential issues within sandboxed environments to ensure accuracy. During its initial testing phase, the agent successfully decreased noise by over 80% while uncovering critical security flaws in both private and open-source repositories. To support the broader ecosystem, OpenAI is offering the tool to open-source maintainers and rolling out a research preview for various ChatGPT business and educational tiers. This initiative aims to streamline the security review process, allowing developers to deploy protected code with greater speed and confidence.

These sources provide a comprehensive overview of adversarial machine learning and the emerging field of AI penetration testing. Technical documentation from NIST establishes a formal taxonomy and terminology for identifying risks such as prompt injection, data poisoning, and privacy breaches across predictive and generative systems. Complementing this framework, educational materials from TCM Security and CavemenTech offer practical, hands-on guidance for detecting and exploiting these vulnerabilities in LLM-based applications. Through a combination of theoretical models and lab-based exercises, the materials illustrate how to bypass safety guardrails using techniques like Crescendo attacks and persona hacking. Ultimately, the collection serves as both a scientific standard and a tactical playbook for securing artificial intelligence against sophisticated modern threats.