CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
InfoWorld

A practical guide to React Native authentication

Using React Native authentication to verify user identities is a relatively painless and straightforward process that not only protects your company’s data and your user’s privacy, but also improves ...
Finanznachrichten

Push Security Uncovers "ConsentFix": A New Class of Browser-Native Phishing Attack

ClickFix-style attack hijacks OAuth consent grants to take over Microsoft accounts, bypassing passwords, passkeys and MFA BLACK HAT, EUROPE (Booth #305) Push Security, a leader in browser-based ...