Register
At the start of 2026, device code phishing was still a niche technique associated with Russian state-linked campaigns. Six months later, we’re tracking 18x kits in the wild, a 37x spike in detections, and it feels like every PhaaS vendor in the AiTM space has added device code phishing to their platform.
What was an espionage-grade technique 18 months ago is now a criminal commodity.
Device code phishing is the go-to for criminals in 2026 because it doesn’t matter what login controls you have deployed. Strong passwords, MFA, even passkeys: it sidesteps the standard login process altogether by targeting the authorization layer. This is effectively post-auth phishing.
Once an attacker has a valid token, a single phished session can quickly escalate into broad access across an organization's connected apps and services.
Join Luke Jennings, Push's VP of R&D, for a threat research-focused session that goes behind the scenes of device code phishing — with live demos, real examples from kits and campaigns in the wild, and a practical look at what security teams can do about it. We'll cover:
This event is designed for both hands-on practitioners and security leaders looking to translate technical capabilities into tangible response outcomes.
