Microsoft 365 credentials are now squarely in the crosshairs of a new, sophisticated cyberattack. In a campaign dubbed the ClickFix attack—as first reported by SC Media and detailed by BleepingComputer—the threat actors are using fake OAuth apps to pilfer sensitive credentials from government, healthcare, retail, and supply chain entities in both the United States and Europe. Here’s a deep dive into what’s happening, why it matters for Windows users, and how to protect your data from these...