An FBI-flagged phishing-as-a-service kit rents Microsoft 365 token theft for $250 a month, packaging device-code and OAuth abuse into a point-and-click dashboard that sidesteps MFA without a fake login page: the victim authenticates on the real Microsoft sign-in, and the attacker receives the resulting tokens.
Read more: FBI IC3, Malwarebytes
By PhishPond Desk
A static permission review cannot catch a trusted integration whose token is later stolen or whose behavior changes.
Read more: The Hacker News, Microsoft Learn
By PhishPond Desk
Restricting new consent is only half the work. Existing app grants need review, ownership, and a path to removal when risk changes.
Read more: Microsoft Learn, Microsoft Learn
By PhishPond Desk
The Salesloft Drift incident showed how a trusted integration token can become an access path into customer SaaS data without a fresh user login.
Read more: The Hacker News, The Hacker News
By PhishPond Desk
Persistent OAuth grants let third-party apps keep operating after the original login, password reset, or employee lifecycle event has faded from view.
Read more: The Hacker News, Microsoft Learn
By PhishPond Desk
Device code phishing turns a legitimate OAuth flow (the RFC 8628 device authorization grant) into a token theft technique in which the attacker never handles the victim's password or MFA response. Here is how it runs end-to-end and what defenders can hunt on in Microsoft Sentinel and Defender XDR.
Read more: Microsoft Security Blog, IETF
By PhishPond Desk
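Added illustration for the item above, not code from the original article or from Microsoft: an in-process model of the RFC 8628 device authorization grant driven the way a device code phisher drives it (the attacker calls the device authorization endpoint, forwards only the user code, and polls the token endpoint until the victim approves), followed by a toy hunt over constructed sign-in records. The endpoint names, the `FakeClock`, and the SigninLogs-style column names (`AuthenticationProtocol`, `UserPrincipalName`, `IPAddress`, `AppDisplayName`) are assumptions; the "new IP for this user" heuristic is illustrative only, since which side's address a provider records for a device code sign-in is a property of that provider's logging, not of the protocol.

```python
"""RFC 8628 device authorization grant modelled in-process, run as a
device code phish, plus a toy hunt over constructed sign-in records.
No network calls; nothing here is a real Entra ID endpoint or Sentinel API."""
import secrets

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"


class FakeClock:
    """Deterministic clock so polling intervals can be driven explicitly."""
    def __init__(self):
        self.now = 1000.0

    def tick(self, seconds):
        self.now += seconds


class DeviceAuthServer:
    """Minimal authorization server following RFC 8628 sections 3.1 to 3.5."""

    def __init__(self, clock, interval=5, lifetime=900):
        self.clock, self.interval, self.lifetime = clock, interval, lifetime
        self._pending = {}        # device_code -> grant record
        self._by_user_code = {}   # user_code -> device_code

    def device_authorization(self, client_id, scope):
        """POST /devicecode. Called by the *client*; in a phish that is the
        attacker, who then forwards only user_code to the victim."""
        device_code = secrets.token_urlsafe(32)
        user_code = secrets.token_hex(4).upper()
        self._pending[device_code] = {
            "client_id": client_id, "scope": scope, "approved_by": None,
            "issued_at": self.clock.now, "last_poll": None}
        self._by_user_code[user_code] = device_code
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://login.example/device",  # assumed
                "expires_in": self.lifetime, "interval": self.interval}

    def approve(self, user_code, user, signed_in_with_mfa):
        """The victim opens verification_uri in a browser, signs in to the
        real identity provider (password + MFA) and types the code. The
        server never learns, and never asks, who requested that code."""
        device_code = self._by_user_code.get(user_code)
        if device_code is None or not signed_in_with_mfa:
            return False
        self._pending[device_code]["approved_by"] = user
        return True

    def token(self, device_code, grant_type=GRANT_TYPE):
        """POST /token, polled by whoever holds device_code."""
        rec = self._pending.get(device_code)
        if grant_type != GRANT_TYPE or rec is None:
            return {"error": "invalid_grant"}
        now = self.clock.now
        if now - rec["issued_at"] > self.lifetime:
            return {"error": "expired_token"}
        if rec["last_poll"] is not None and now - rec["last_poll"] < self.interval:
            return {"error": "slow_down"}
        rec["last_poll"] = now
        if rec["approved_by"] is None:
            return {"error": "authorization_pending"}
        return {"token_type": "Bearer", "scope": rec["scope"],
                "subject": rec["approved_by"],
                "access_token": "at." + secrets.token_urlsafe(12),
                "refresh_token": "rt." + secrets.token_urlsafe(12)}


def run_phish():
    """Attacker starts the flow, victim approves, attacker collects tokens.
    The attacker never sees a password or an MFA response."""
    clock = FakeClock()
    srv = DeviceAuthServer(clock)
    start = srv.device_authorization("assumed-client-id", "openid offline_access Mail.Read")
    first_poll = srv.token(start["device_code"])   # authorization_pending
    clock.tick(1)
    early = srv.token(start["device_code"])        # slow_down: polled too fast
    clock.tick(start["interval"])
    srv.approve(start["user_code"], "victim@example.com", signed_in_with_mfa=True)
    tok = srv.token(start["device_code"])          # tokens for the victim's account
    return {"first_poll": first_poll["error"], "early": early["error"],
            "subject": tok.get("subject"), "has_refresh": "refresh_token" in tok}


# Constructed sign-in records shaped like Sentinel SigninLogs columns (assumed).
SIGNINS = [
    {"UserPrincipalName": "victim@example.com", "AuthenticationProtocol": "deviceCode",
     "IPAddress": "203.0.113.9", "AppDisplayName": "Microsoft Office"},
    {"UserPrincipalName": "victim@example.com", "AuthenticationProtocol": "oAuth2",
     "IPAddress": "198.51.100.4", "AppDisplayName": "Microsoft Teams"},
    {"UserPrincipalName": "ops@example.com", "AuthenticationProtocol": "deviceCode",
     "IPAddress": "198.51.100.20", "AppDisplayName": "Azure CLI"},
]
KNOWN_IPS = {"victim@example.com": {"198.51.100.4"}, "ops@example.com": {"198.51.100.20"}}


def hunt_device_code(signins, known_ips):
    """Toy equivalent of filtering sign-ins to AuthenticationProtocol == "deviceCode"
    and keeping rows whose IP is new for that user (illustrative heuristic)."""
    return [s for s in signins
            if s["AuthenticationProtocol"] == "deviceCode"
            and s["IPAddress"] not in known_ips.get(s["UserPrincipalName"], set())]
```

The point the model makes concrete: `approve()` binds the grant to whoever types the user code, while `token()` hands the result to whoever holds the device code, and nothing in the protocol ties those two parties together. Baseline who legitimately uses the flow (CLI tools, headless devices) before alerting on every device code sign-in.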
Attackers are blending push prompts, urgent collaboration lures, and identity fatigue to move users from suspicion to accidental approval.
Read more: The Hacker News, The Hacker News
By PhishPond Desk
OAuth app grants accumulate over time, and stale consent can become a hidden access path when vendors, users, or integrations are later compromised.
Read more: Microsoft Learn, The Hacker News
By PhishPond Desk
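Added illustration serving the two grant-review items above (existing app grants need review, ownership and a removal path; stale consent as a hidden access path), not code from the original articles or from Microsoft: a triage that ranks existing consent grants for review. The records are constructed and only loosely follow the shape of Microsoft Graph `oauth2PermissionGrant` objects (`clientId`, `consentType`, `principalId`, `scope`); the `app`, `owner` and `last_used_days` fields are assumed to have been joined in from service principal and sign-in data and are not part of that object. The high-risk scope list and the scoring weights are the author's assumptions for the example.

```python
"""Triage of existing OAuth consent grants: rank for review, worst first.
Records are constructed; field shape is a simplification of Graph
oauth2PermissionGrant plus assumed joined-in owner and usage data."""

# Scopes that give standing access to data worth stealing, or keep tokens
# alive after the user is gone. Illustrative list, not exhaustive.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.Read.All",
    "Files.ReadWrite.All", "Sites.Read.All", "Directory.ReadWrite.All",
    "offline_access",
}

# Constructed sample grants.
GRANTS = [
    {"id": "g1", "app": "Chat Connector", "clientId": "sp-111", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read Mail.Read offline_access",
     "owner": None, "last_used_days": 410},
    {"id": "g2", "app": "Expense Tool", "clientId": "sp-222", "consentType": "Principal",
     "principalId": "u-7", "scope": "User.Read openid",
     "owner": "it-apps@example.com", "last_used_days": 3},
    {"id": "g3", "app": "Old Backup Sync", "clientId": "sp-333", "consentType": "Principal",
     "principalId": "u-9", "scope": "Files.ReadWrite.All offline_access",
     "owner": "alice@example.com", "last_used_days": 200},
]


def triage_grant(grant, stale_after_days=90):
    """Return (score, reasons). Higher score means review first."""
    reasons, score = [], 0
    scopes = set(grant["scope"].split())
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    if risky:
        score += 2 * len(risky)
        reasons.append("high-risk scopes: " + ", ".join(risky))
    if grant["consentType"] == "AllPrincipals":
        score += 3
        reasons.append("tenant-wide (admin) consent")
    if not grant["owner"]:
        score += 2
        reasons.append("no owner on record")
    if grant["last_used_days"] >= stale_after_days:
        score += 2
        reasons.append(f"unused for {grant['last_used_days']} days")
    return score, reasons


def review_queue(grants, stale_after_days=90):
    """Grants sorted for review, worst first, with a proposed action each.
    Ownerless or stale grants default to removal; owned, active grants with
    risky scopes go to the owner for re-attestation."""
    out = []
    for g in grants:
        score, reasons = triage_grant(g, stale_after_days)
        if score == 0:
            action = "keep"
        elif not g["owner"] or g["last_used_days"] >= stale_after_days:
            action = "revoke unless an owner claims it"
        else:
            action = "owner re-attests"
        out.append({"id": g["id"], "app": g["app"], "score": score,
                    "reasons": reasons, "action": action})
    return sorted(out, key=lambda r: -r["score"])


if __name__ == "__main__":
    for row in review_queue(GRANTS):
        print(row["score"], row["app"], row["action"], "|", "; ".join(row["reasons"]))
```

Revoking the grant removes the consent record; refresh tokens already issued to that client stop working when the next token request hits the missing grant, which is why the removal path matters as much as the review itself.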