Threat actors are increasingly including malicious OAuth apps in their campaigns to break into cloud-based systems and applications. To address this growing problem, Microsoft is adding automated ...
Cybercriminals have launched a widespread phishing campaign exploiting Microsoft's OAuth device code flow to bypass MFA and ...
Threat Groups Hijack Microsoft 365 Accounts Using OAuth Device Code Exploit Security researchers warn that threat groups are ...
Proofpoint has warned about phishing campaigns abusing legitimate device authorization flow to bypass MFA and gain persistent ...
Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations' cloud environments to steal email. In a ...
Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending ...
Microsoft is warning that Office 365 customers are receiving phishing emails that aim to trick them into giving OAuth permissions to a bogus app that then lets attackers read and write emails.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback