Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
Dark Reading

Azure OAuth 2.0 Vulnerability Grabs Tokens

Omer Tsarfati and his team at security firm CyberArk are now finally able to discuss a major OAuth 2.0 vulnerability that affects Microsoft Azure web services which they have been sitting on since ...
CSO Online

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Proofpoint has warned about phishing campaigns abusing legitimate device authorization flow to bypass MFA and gain persistent ...

Push Security Uncovers “ConsentFix”: A New Class of Browser-Native Phishing Attack

ClickFix-style attack hijacks OAuth consent grants to take over Microsoft accounts, bypassing passwords, passkeys and MFA LONDON--(BUSINESS WIRE)--BLACK HAT, EUROPE — (Booth #305) — Push Security, a ...