Bleeping Computer

Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
Hosted on MSN

Threat groups hijack Microsoft 365 accounts using OAuth device code exploit

Security researchers warn that threat groups are exploiting Microsoft's OAuth device code authentication to bypass multi-factor protection and hijack enterprise accounts. The technique, with ...
Bleeping Computer

ConsentFix debrief: Insights from the new OAuth phishing attack

In December, the Push Security research team discovered and blocked a brand new attack technique that we coined ConsentFix. This technique merged ClickFix-style social engineering with OAuth consent ...