You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
oauth attacks
About this tag
OAuth attacks on WindowsForum cover techniques that abuse the OAuth 2.0 protocol to bypass security controls, especially multi-factor authentication. A prominent example is device-code phishing, where attackers trick users into entering a code on a legitimate sign-in page, capturing OAuth tokens without needing passwords or MFA. This method has been weaponized in platforms like Kali365, which targets Microsoft 365 accounts. The discussions emphasize that MFA alone is insufficient against such attacks, and hardening identity infrastructure—such as conditional access policies and token hygiene—is critical for enterprise IT security.
The FBI issued a May 21, 2026 public warning that a phishing-as-a-service platform called Kali365 is targeting Microsoft 365 accounts by abusing device-code authentication to capture OAuth tokens and bypass multi-factor authentication. That makes this less a story about one new phishing kit than...