Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take ...
OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.
Attackers trick users into approving access on real Microsoft pages. OAuth device code phishing surged sharply since September 2025. Both cybercriminals and state-linked actors reportedly use this ...
Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
Hackers are abusing a legitimate Microsoft authentication feature to break into enterprise Microsoft 365 accounts, even when multifactor authentication is enabled. Security researchers warn that ...
Refactor OAuth implementation so the flow logic and state machine are usable by server-side proxy services, not just client-side browser flows. The SDK's OAuth implementation is designed for local ...
The current Google ADK Python implementation has critical defects in the MCP (Model Context Protocol) Toolset OAuth2 authentication flow that prevent proper user interaction during the authentication ...
A new phishing technique dubbed 'CoPhish' weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. The technique was ...
In August 2025, attackers exploited the Salesloft-Drift OAuth integration to compromise over 700 organizations’ Salesforce instances. This wasn’t a direct vulnerability in Salesforce, but rather an ...
Picture this: You invite a new friend over with the expectation of enjoying some time together and getting to know them better. But, instead of sitting quietly on your sofa, they rush off and start ...
The August 2025 Salesloft Drift breach demonstrates a systemic security blind spot across all industries: third-party delegated access through OAuth integrations. Over 700 organizations — including ...