Lucene search
K

14 matches found

The Hacker News
The Hacker News
added 2026/05/19 11:30 a.m.15 views

The New Phishing Click: How OAuth Consent Bypasses MFA

In February 2026, a phishing-as-a-service PhaaS platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogi...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/02/18 7:9 p.m.6 views

Would You Click ‘Accept’? Automatically detecting malicious Azure OAuth applications using LLMs

How Wiz Research automates detection of emerging malicious Azure app and consent phishing campaigns...

5.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/09/15 11:55 a.m.11 views

6 Browser-Based Attacks Security Teams Need to Prepare For Right Now

Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we'll explore what a "browser-based attack" is, and why they're proving to be so effective. What is a browser-based attack? First, it's important to establish what a browser-based...

7.2AI score
Exploits0
MSRC
MSRC
added 2023/02/01 8:0 a.m.20 views

Microsoft の調査 – 検証済みの発行者確認を悪用する脅威アクターの同意フィッシング キャンペーンについて

本ブログは、Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process の抄訳版です。最新の情報は原文を参照してくださ...

2.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/01 5:30 a.m.3 views

Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts

Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network MPN accounts that were used for creating malicious OAuth applications as part of a phishing campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulen...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/01 5:30 a.m.46 views

Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts

Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network MPN accounts that were used for creating malicious OAuth applications as part of a phishing campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulen...

0.7AI score
Exploits0
MSRC
MSRC
added 2023/01/31 8:0 a.m.15 views

Microsoft Investigation - Threat actor consent phishing campaign abusing the verified publisher process

Summary Summary On December 15th, 2022, Microsoft became aware of a consent phishing campaign involving threat actors fraudulently impersonating legitimate companies when enrolling in the Microsoft Cloud Partner Program MCPP formerly known as Microsoft Partner Network MPN. The actor used fraudule...

2.6AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/09/22 4:0 p.m.33 views

Malicious OAuth applications abuse cloud email services to spread spam

Microsoft researchers recently investigated an attack where malicious OAuth applications were deployed on compromised cloud tenants and then used to control Exchange Online settings and spread spam. The investigation revealed that the threat actor launched credential stuffing attacks against...

0.1AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2022/09/22 4:0 p.m.28 views

Malicious OAuth applications abuse cloud email services to spread spam

Microsoft researchers recently investigated an attack where malicious OAuth applications were deployed on compromised cloud tenants and then used to control Exchange Online settings and spread spam. The investigation revealed that the threat actor launched credential stuffing attacks against...

0.1AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2021/07/14 5:0 p.m.37 views

Microsoft delivers comprehensive solution to battle rise in consent phishing emails

Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data. This blog offers a look into the...

0.2AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/07/14 5:0 p.m.31 views

Microsoft delivers comprehensive solution to battle rise in consent phishing emails

Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data. This blog offers a look into the...

0.2AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2020/10/05 6:0 p.m.39 views

3 ways Microsoft helps build cyber safety awareness for all

This tumultuous year has brought paradigm shifts across every facet of daily life. A global pandemic has pushed much of our lives online—work, school, entertainment, shopping, and socializing. But one thing remains unchanged: people everywhere share a common need for safety. Today, our need for...

7.3AI score
Exploits0
ThreatPost
ThreatPost
added 2020/07/09 9:3 p.m.55 views

Microsoft Warns on OAuth Attacks Against Cloud App Users

Against the backdrop of widespread remote working and the increased use of collaboration apps, attackers are ramping up application-based attacks that exploit OAuth 2.0, Microsoft is warning. OAuth is an open standard for access delegation, commonly used as a way for people to sign into services...

7.6AI score
Exploits0References7
Microsoft Secure
Microsoft Secure
added 2020/07/08 4:0 p.m.26 views

Protecting your remote workforce from application-based attacks like consent phishing

The global pandemic has dramatically shifted how people work. As a result, organizations around the world have scaled up cloud services to support collaboration and productivity from home. We’re also seeing more apps leverage Microsoft’s identity platform to ensure seamless access and integrated...

7AI score
Exploits0
Rows per page
Query Builder