Security · 2h ago
New OAuth Attacks Hijack Microsoft 365 Accounts in Seconds
Attackers are using ConsentFix and ClickFix techniques to steal Microsoft 365 authentication tokens via fake OAuth prompts, bypassing MFA. The attacks trick users into granting permissions to malicious apps, allowing account takeover in seconds. Microsoft recommends enabling conditional access policies and reviewing app consent settings to mitigate the threat.
Meridian48 take
While these attacks exploit user trust in familiar OAuth flows, the real story is how easily MFA can be circumvented when users are conditioned to click 'Allow' without scrutiny.
Read the full reporting
ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds →
Bleeping Computer
microsoft-365 · oauth-attacks