Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...

Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. The campaigns were discovered by ...

Microsoft Corp. on Tuesday detailed three hacking campaigns that made use of OAuth, a technology commonly used to let workers log into business applications with their Microsoft and Google accounts.

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. Attackers trick victims into entering a device code on ...

Security researchers warn that threat groups are exploiting Microsoft's OAuth device code authentication to bypass multi-factor protection and hijack enterprise accounts. The technique, with ...

Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to get into Microsoft 365 accounts. Threat actors have cooked up a clever way ...

Threat actors are abusing organizations' weak authentication practices to create and exploit OAuth applications, often for financial gain, in a string of attacks that include various vectors, ...

Microsoft says its Threat Intelligence team has been observing financially motivated attacks and scams using OAuth apps as automation tools. In a new post, the team explained how threat actors have ...