Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

This grant flow was designed to make it easy to connect devices that lack accessible input options, such as IoT devices, printers, streaming devices, and TVs. "The Microsoft identity platform supports ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
Bleeping Computer

ConsentFix v3 attacks target Azure with automated OAuth abuse

A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums as an improved technique that automates attacks against Microsoft Azure. The first version of ConsentFix was presented by ...