Security Boulevard

Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks

Researchers have found that attackers are abusing OAuth to send users from legitimate Microsoft or Google login pages to ...
Bleeping Computer

Microsoft: Exchange servers hacked via OAuth apps for phishing

Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Dark Reading

Cyberattackers Compromise Microsoft Exchange Servers via Malicious OAuth Apps

Attackers are deploying malicious OAuth applications on compromised cloud tenants, with the goal of taking over Microsoft Exchange Servers to spread spam. That's according to the Microsoft 365 ...