Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take ...

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

While some of the campaigns have been found to leverage the technique to deliver malware, others send users to pages hosted ...

Microsoft uncovers OAuth phishing campaigns that abuse login redirects to deliver malware and steal credentials.

Microsoft has warned that fraudulent Microsoft Partner Network (MPN) accounts were used in a phishing campaign that featured bogus apps that tricked victims into granting them permissions to access ...

Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. OAuth (short for Open ...

Threat actors are abusing organizations' weak authentication practices to create and exploit OAuth applications, often for financial gain, in a string of attacks that include various vectors, ...

A trio of ongoing campaigns have highlighted once again the continued popularity among cybercriminals of malicious OAuth apps as a go-to attack method. In one wave of recent attacks, threat actors ...

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...