ConsentFix debrief: Insights from the new OAuth phishing attack

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...
Hosted on MSN

Experts warn Microsoft Copilot Studio agents are being hijacked to steal OAuth tokens

CoPhish uses Copilot Studio agents to phish OAuth tokens via fake login flows Attackers exploit Microsoft domains to appear legitimate and access sensitive user data Mitigations include restricting ...

Microsoft 365 accounts are under attack from new malware spoofing popular work apps

Criminals are using stolen email addresses to distribute malicious OAuth Apps These apps steal sensitive data and redirect ...