oauth phishing

Security researchers have discovered a sophisticated new phishing variant — dubbed ConsentFix — that weaponizes trusted Microsoft OAuth flows and the Azure Command-Line Interface (Azure CLI) to take over Microsoft accounts without passwords, without directly bypassing multi-factor authentication...

Tokens are the skeleton keys of modern digital systems — small opaque strings that grant access, carry identity claims, and enable automation — and they are now one of the most attractive targets for attackers across enterprise clouds, endpoints, AI systems, APIs, and decentralized finance...

Token security has moved from a background concern to a front‑line risk for every organization that relies on cloud identity, web APIs, AI services, or decentralized finance—attackers are weaponizing tokens to bypass multi‑factor authentication, impersonate administrators, and drain liquidity...

Microsoft Copilot Studio agents can be weaponized to deliver highly convincing OAuth consent phishing that results in stolen tokens and persistent account access — a technique researchers have labelled “CoPhish” that leverages legitimate Microsoft-hosted agent pages to evade traditional...

Microsoft’s Copilot Studio can be weaponized to steal OAuth tokens — an attack chain Datadog Security Labs has dubbed “CoPhish” — by hosting malicious agents on Microsoft domains and using the agents’ built‑in sign‑in workflows to deliver convincing OAuth consent prompts that exfiltrate tokens...

Microsoft’s Copilot Studio has been weaponized in a new OAuth phishing technique — branded “CoPhish” by researchers — that uses legitimate Microsoft-hosted Copilot Studio agents to present convincing sign-in prompts, harvest OAuth tokens, and enable account takeover or broad Graph API access...

A new wave of deception against Microsoft cloud customers has pulled back the curtain on how easily visual trust can be weaponized: attackers have been able to register malicious Azure applications that look identical to Microsoft services such as Azure Portal and Microsoft Teams by hiding...

An alarming surge in sophisticated hacker activity is threatening the security of Microsoft accounts worldwide, with cybercriminals successfully bypassing even advanced defenses such as two-factor authentication. Security researchers at Proofpoint have unearthed an ingenious credential phishing...

Phishing campaigns have always shaped themselves around the contours of new technology, but the latest surge targeting Microsoft OAuth applications marks a seismic shift in both attacker strategy and the effectiveness of their exploits. In 2025, security researchers uncovered a wave of hybrid...

Phishing campaigns have always evolved in tandem with advances in enterprise security, but the latest wave targeting Microsoft OAuth applications represents a stunning leap in both sophistication and effectiveness. This ongoing campaign, first identified in early 2025, exemplifies a new breed of...

In the rapidly evolving digital landscape, Microsoft 365 has become a cornerstone for organizational productivity, offering a suite of tools that facilitate communication, collaboration, and data management. However, its widespread adoption has also made it a prime target for cyber threats...

Identity-based cyberattacks have rapidly emerged as one of the most pressing security challenges facing organizations in 2024 and beyond. As digital transformation accelerates, shifting workforces to remote and hybrid models and driving deeper cloud adoption, the boundaries that once defined...

There’s a certain poetic irony in the fact that OAuth 2.0—a framework specifically engineered to keep our digital lives safe from password theft—is now being bent and twisted by Russian hackers to hijack entire Microsoft 365 accounts. If that isn’t progress in the field of offensive...

Windows users and IT professionals need to take extra caution as attackers continuously refine their phishing playbook. Recent reports reveal that sophisticated adversaries are leveraging vulnerabilities in OAuth 2.0 redirection flows to target Microsoft 365 environments. In these OAuth-themed...