A cybercriminal group, Storm-2372, is using phishing attacks to gain access to sensitive information from organizations worldwide. The group tricks victims into entering device codes on legitimate login pages, bypassing password and multi-factor authentication. Microsoft advises users to be cautious of suspicious messages and to block the device code flow when not required.