Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to get into Microsoft 365 accounts. Threat actors have cooked up a clever way ...
Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access. Another device code phishing campaign that abuses OAuth ...
Microsoft has exposed a crafty case of OAuth app abuse that allowed the attackers to reconfigure the victim's Exchange server to send spam. The point of the elaborate attack was to make mass spam – ...
Credential theft fell to 13% of breach vectors in 2026. Attackers now bypass MFA via help desk resets and OAuth token theft.
FBI flags Kali365, a phishing kit sold on Telegram which steals Microsoft 365 OAuth tokens and bypasses MFA. Victims are tricked into entering device codes on legitimate Microsoft pages, unknowingly ...