ConsentFix debrief: Insights from the new OAuth phishing attack

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...
Bleeping Computer

Microsoft, Google OAuth flaws can be abused in phishing attacks

Researchers have discovered a set of previously unknown methods to launch URL redirection attacks against weak OAuth 2.0 implementations. These attacks can lead to the bypassing of phishing detection ...
SiliconANGLE

Microsoft details three OAuth-focused hacking campaigns

Microsoft Corp. on Tuesday detailed three hacking campaigns that made use of OAuth, a technology commonly used to let workers log into business applications with their Microsoft and Google accounts.
ZDNet

Microsoft warning: These phishing attackers used fake OAuth apps to steal email

Microsoft has warned that fraudulent Microsoft Partner Network (MPN) accounts were used in a phishing campaign that featured bogus apps that tricked victims into granting them permissions to access ...
Mena FN

Russian Cyber Actors Exploit Microsoft Oauth To Breach Ukraine-Linked Organisations

Russian-linked cyber operatives have been leveraging legitimate Microsoft OAuth 2.0 authentication processes to compromise Microsoft 365 accounts of individuals and organisations associated with ...