14 matches found
The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service PhaaS platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogi...
Would You Click ‘Accept’? Automatically detecting malicious Azure OAuth applications using LLMs
How Wiz Research automates detection of emerging malicious Azure app and consent phishing campaigns...
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we'll explore what a "browser-based attack" is, and why they're proving to be so effective. What is a browser-based attack? First, it's important to establish what a browser-based...
Microsoft の調査 – 検証済みの発行者確認を悪用する脅威アクターの同意フィッシング キャンペーンについて
本ブログは、Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process の抄訳版です。最新の情報は原文を参照してくださ...
Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts
Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network MPN accounts that were used for creating malicious OAuth applications as part of a phishing campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulen...
Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts
Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network MPN accounts that were used for creating malicious OAuth applications as part of a phishing campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulen...
Microsoft Investigation - Threat actor consent phishing campaign abusing the verified publisher process
Summary Summary On December 15th, 2022, Microsoft became aware of a consent phishing campaign involving threat actors fraudulently impersonating legitimate companies when enrolling in the Microsoft Cloud Partner Program MCPP formerly known as Microsoft Partner Network MPN. The actor used fraudule...
Malicious OAuth applications abuse cloud email services to spread spam
Microsoft researchers recently investigated an attack where malicious OAuth applications were deployed on compromised cloud tenants and then used to control Exchange Online settings and spread spam. The investigation revealed that the threat actor launched credential stuffing attacks against...
Malicious OAuth applications abuse cloud email services to spread spam
Microsoft researchers recently investigated an attack where malicious OAuth applications were deployed on compromised cloud tenants and then used to control Exchange Online settings and spread spam. The investigation revealed that the threat actor launched credential stuffing attacks against...
Microsoft delivers comprehensive solution to battle rise in consent phishing emails
Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data. This blog offers a look into the...
Microsoft delivers comprehensive solution to battle rise in consent phishing emails
Microsoft threat analysts are tracking a continued increase in consent phishing emails, also called illicit consent grants, that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data. This blog offers a look into the...
3 ways Microsoft helps build cyber safety awareness for all
This tumultuous year has brought paradigm shifts across every facet of daily life. A global pandemic has pushed much of our lives online—work, school, entertainment, shopping, and socializing. But one thing remains unchanged: people everywhere share a common need for safety. Today, our need for...
Microsoft Warns on OAuth Attacks Against Cloud App Users
Against the backdrop of widespread remote working and the increased use of collaboration apps, attackers are ramping up application-based attacks that exploit OAuth 2.0, Microsoft is warning. OAuth is an open standard for access delegation, commonly used as a way for people to sign into services...
Protecting your remote workforce from application-based attacks like consent phishing
The global pandemic has dramatically shifted how people work. As a result, organizations around the world have scaled up cloud services to support collaboration and productivity from home. We’re also seeing more apps leverage Microsoft’s identity platform to ensure seamless access and integrated...