Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. OAuth (short for Open ...

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...

Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations' cloud environments to steal email. In a ...

Microsoft says its Threat Intelligence team has been observing financially motivated attacks and scams using OAuth apps as automation tools. In a new post, the team explained how threat actors have ...

Microsoft has warned that fraudulent Microsoft Partner Network (MPN) accounts were used in a phishing campaign that featured bogus apps that tricked victims into granting them permissions to access ...

What happened A third iteration of the ConsentFix attack technique has been circulating on hacker forums, introducing automation and scalability to a method that abuses Microsoft Azure’s OAuth2 ...

Application-based attacks that use the passwordless “log in with…” feature common to cloud services are on the rise. Against the backdrop of widespread remote working and the increased use of ...

Attackers are deploying malicious OAuth applications on compromised cloud tenants, with the goal of taking over Microsoft Exchange Servers to spread spam. That's according to the Microsoft 365 ...

Microsoft Corp. on Tuesday detailed three hacking campaigns that made use of OAuth, a technology commonly used to let workers log into business applications with their Microsoft and Google accounts.