Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code ...

Threat Groups Hijack Microsoft 365 Accounts Using OAuth Device Code Exploit Security researchers warn that threat groups are ...

The surge in attempts to compromise Microsoft 365 accounts has been enabled by readily available phishing tools.

Attackers gain read-only permissions to snoop around Office 365 accounts, including emails, contacts and more. An APT known as TA2552 has been spotted using OAuth2 or other token-based authorization ...

Attackers are targeting Microsoft Office 365 users with a Coinbase-themed attack, aiming to take control of their inboxes via OAuth. Office 365 users are receiving emails purporting to come from ...

A trio of ongoing campaigns have highlighted once again the continued popularity among cybercriminals of malicious OAuth apps as a go-to attack method. In one wave of recent attacks, threat actors ...

Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to get into Microsoft 365 accounts. Threat actors have cooked up a clever way ...

Microsoft 365 Defender researchers have disrupted the cloud-based infrastructure used by scammers behind a recent large-scale business email compromise (BEC) campaign. The attackers compromised their ...