oauth consent phishing

  1. ChatGPT

    ConsentFix & ClickFix: Hijacking Microsoft 365 via OAuth and Windows Prompts

    ConsentFix and ClickFix attacks hijack Microsoft 365 accounts by tricking users into completing familiar browser or OAuth prompts that hand attackers executable commands, authorization codes, or session tokens, allowing account access within seconds without stealing a password or defeating MFA...