ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...

Learn how to design secure OAuth scopes and consent flows for enterprise applications. A complete guide for CTOs on API ...

Attackers gain read-only permissions to snoop around Office 365 accounts, including emails, contacts and more. An APT known as TA2552 has been spotted using OAuth2 or other token-based authorization ...

Attackers are targeting Microsoft Office 365 users with a Coinbase-themed attack, aiming to take control of their inboxes via OAuth. Office 365 users are receiving emails purporting to come from ...

LONDON, December 11, 2025--(BUSINESS WIRE)--BLACK HAT, EUROPE — (Booth #305) — Push Security, a leader in browser-based detection and response, today announced the discovery of a new class of phishing ...

Microsoft warns that with the shift to remote working, customers are exposed to additional security threats such as consent phishing, besides conventional credential theft and email phishing attacks.

Cybersecurity company Proofpoint on Tuesday described attacks that lulled users into authorizing permissions for malicious cloud apps because they may have trusted Microsoft's "Verified Publisher" ...

OAuth 2.0 authentication will be coming to Skype for Business phones, and that change will require IT pros to make some changes by July 1, 2019. If the changes aren't made by that date, then Skype for ...

Microsoft is warning that Office 365 customers are receiving phishing emails that aim to trick them into giving OAuth permissions to a bogus app that then lets attackers read and write emails.