New ConsentFix attack hijacks Microsoft accounts via Azure CLI

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) ...

If You Get This Message, Your Microsoft Account Is Under Attack

Check Point explains that this new technique “tricks people into giving attackers access to their Microsoft accounts. The ...
Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...

Push Security Uncovers "ConsentFix": A New Class of Browser-Native Phishing Attack

BLACK HAT, EUROPE -- (Booth #305) -- Push Security, a leader in browser-based detection and response, today announced the discovery of a new class of phishing attack that enables Microsoft account ...
Dark Reading

Azure OAuth 2.0 Vulnerability Grabs Tokens

Omer Tsarfati and his team at security firm CyberArk are now finally able to discuss a major OAuth 2.0 vulnerability that affects Microsoft Azure web services which they have been sitting on since ...