Scam looks to trick users into authorizing a malicious web app and give it keys to your Microsoft 365 kingdom.

Azure can yield very powerful tokens while Google limits scopes, reducing the blast radius. Register for Huntress Labs' Live Hack to see live Microsoft 365 attack demos, explore defensive tactics, and ...

Omer Tsarfati and his team at security firm CyberArk are now finally able to discuss a major OAuth 2.0 vulnerability that affects Microsoft Azure web services which they have been sitting on since ...

Microsoft Corp. on Tuesday detailed three hacking campaigns that made use of OAuth, a technology commonly used to let workers log into business applications with their Microsoft and Google accounts.

CoPhish uses Copilot Studio agents to phish OAuth tokens via fake login flows Attackers exploit Microsoft domains to appear legitimate and access sensitive user data Mitigations include restricting ...

Threat actors deployed OAuth applications on compromised cloud tenants and then used them to control Exchange servers and spread spam. The news is the result of an investigation by Microsoft ...

Microsoft is warning that Office 365 customers are receiving phishing emails that aim to trick them into giving OAuth permissions to a bogus app that then lets attackers read and write emails.

Microsoft this week addressed findings by security researchers at Descope, who reported a "nOAuth" attack route that's present in some applications leveraging the Azure Active Directory service.