If you haven't heard of EvilTokens yet, now's the time to pay attention. Microsoft's vice president of security research just confirmed that this phishing campaign is not only active but accelerating and it's bypassing multi-factor authentication at scale. Press enter or click to view image in full size Image credit: Unknown "We continue to observe high-volume activity, with hundreds of compromises occurring daily across affected environments," said Tanmay Ganacharya. That's not a theoretical risk. That's real businesses getting breached right now. What EvilTokens Actually Does Microsoft’s security team warned on April 6 that attackers are exploiting something called the Device Code Authentication flow, a legitimate Microsoft feature that lets you sign into apps on devices like smart TVs or shared terminals by entering a code on your phone or computer. The problem Attackers have figured out how to weaponize it.…