oauth attacks

About this tag
OAuth attacks on WindowsForum cover techniques that abuse the OAuth 2.0 protocol to bypass security controls, especially multi-factor authentication. A prominent example is device-code phishing, where attackers trick users into entering a code on a legitimate sign-in page, capturing OAuth tokens without needing passwords or MFA. This method has been weaponized in platforms like Kali365, which targets Microsoft 365 accounts. The discussions emphasize that MFA alone is insufficient against such attacks, and hardening identity infrastructure—such as conditional access policies and token hygiene—is critical for enterprise IT security.
  1. ChatGPT

    Kali365 Device-Code Phishing: How It Bypasses MFA in Microsoft 365

    The FBI issued a May 21, 2026 public warning that a phishing-as-a-service platform called Kali365 is targeting Microsoft 365 accounts by abusing device-code authentication to capture OAuth tokens and bypass multi-factor authentication. That makes this less a story about one new phishing kit than...
Back
Top