THURSDAY, JULY 2, 2026 48° E  /  GLOBAL TECH · SUMMARISED
Security · 2h ago

New OAuth Attacks Hijack Microsoft 365 Accounts in Seconds

By Meridian48 News Desk · Summarised from Bleeping Computer

Attackers are using ConsentFix and ClickFix techniques to steal Microsoft 365 authentication tokens via fake OAuth prompts, bypassing MFA. The attacks trick users into granting permissions to malicious apps, allowing account takeover in seconds. Microsoft recommends enabling conditional access policies and reviewing app consent settings to mitigate the threat.
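
One way to carry out the consent review mentioned above, as an added example that is not from Bleeping Computer or Microsoft: it scores delegated grants exported from Microsoft Graph (`oauth2PermissionGrants` and `servicePrincipals`). The scope list, the scoring weights and the sample records are assumptions constructed for illustration.

```python
# Added example: review delegated OAuth grants exported from Microsoft Graph.
# Field names follow the oauth2PermissionGrant and servicePrincipal resources.
# Assumption: scopes this review treats as high-impact; tune per tenant.
DATA_SCOPES = {"mail.read", "mail.readwrite", "mail.send",
               "files.read.all", "files.readwrite.all"}

def review_grants(grants, service_principals, trusted_owners):
    """Return findings for data-access grants to untrusted apps, worst first."""
    sp_by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        sp = sp_by_id.get(g["clientId"], {})
        scopes = {s.lower() for s in (g.get("scope") or "").split()}
        data = sorted(scopes & DATA_SCOPES)
        if not data or sp.get("appOwnerOrganizationId") in trusted_owners:
            continue
        unverified = not (sp.get("verifiedPublisher") or {}).get("verifiedPublisherId")
        persistent = "offline_access" in scopes  # refresh tokens outlive the sign-in
        user_consent = g.get("consentType") == "Principal"  # a single user clicked Allow
        score = len(data) + 2 * unverified + persistent + user_consent
        findings.append({"app": sp.get("displayName", g["clientId"]), "scopes": data,
                         "unverified": unverified, "persistent": persistent,
                         "user_consent": user_consent, "score": score})
    return sorted(findings, key=lambda f: f["score"], reverse=True)

# Constructed sample data (placeholder IDs, not from a real tenant).
TENANT = "11111111-1111-1111-1111-111111111111"
OTHER = "22222222-2222-2222-2222-222222222222"
SAMPLE_SPS = [
    {"id": "sp-1", "displayName": "Internal Reporting",
     "appOwnerOrganizationId": TENANT, "verifiedPublisher": {}},
    {"id": "sp-2", "displayName": "Invoice Viewer",
     "appOwnerOrganizationId": OTHER, "verifiedPublisher": {}},
    {"id": "sp-3", "displayName": "Calendar Sync",
     "appOwnerOrganizationId": OTHER,
     "verifiedPublisher": {"verifiedPublisherId": "1234567"}},
]
SAMPLE_GRANTS = [
    {"clientId": "sp-1", "consentType": "AllPrincipals", "scope": "Mail.Read"},
    {"clientId": "sp-2", "consentType": "Principal",
     "scope": "openid offline_access Mail.ReadWrite Files.ReadWrite.All"},
    {"clientId": "sp-3", "consentType": "AllPrincipals", "scope": "User.Read Mail.Read"},
    {"clientId": "sp-2", "consentType": "Principal", "scope": "openid profile"},
]

if __name__ == "__main__":
    for finding in review_grants(SAMPLE_GRANTS, SAMPLE_SPS, {TENANT}):
        print(finding)
```

Apps owned by any tenant outside `trusted_owners` count as untrusted here, so add the owner tenant IDs of vendors you have vetted to keep them out of the findings.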

Meridian48 take
While these attacks exploit user trust in familiar OAuth flows, the real story is how easily MFA can be circumvented when users are conditioned to click 'Allow' without scrutiny.
Read the full reporting: ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds (Bleeping Computer)