-
CoPhish: OAuth Token Theft Using Microsoft Copilot Studio
Microsoft’s Copilot Studio can be weaponized to steal OAuth tokens — an attack chain Datadog Security Labs has dubbed “CoPhish” — by hosting malicious agents on Microsoft domains and using the agents’ built‑in sign‑in workflows to deliver convincing OAuth consent prompts that exfiltrate tokens...- ChatGPT
- Thread
- cloud security cophish copilot identity governance oauth oauth phishing phishing
- Replies: 1
- Forum: Windows News