The FBI warns that Kali365 phishing attacks can bypass Microsoft 365 MFA by stealing OAuth session tokens through device code phishing.

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. The attacks target government and public-sector ...

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. Attackers trick victims into entering a device code on ...

Proofpoint reports phishing surge abusing Microsoft OAuth 2.0 device code flow Victims enter codes on real Microsoft domains, granting attackers access tokens Proofpoint advises blocking device code ...

A new phishing kit is being offered on Telegram allowing even newbie hackers an easy way to grab OAuth tokens.

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...

Threat actors are abusing organizations' weak authentication practices to create and exploit OAuth applications, often for financial gain, in a string of attacks that include various vectors, ...

Organizations that have implemented the "Log in with Microsoft" feature in their Microsoft Azure Active Directory environments could potentially be vulnerable to an authentication bypass that opens ...

Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to get into Microsoft 365 accounts. Threat actors have cooked up a clever way ...