The New Phishing Click: How OAuth Consent Bypasses MFA

Updated on May 19, 2026

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries.

The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a…

Read the rest of the story at Read More

Source: The Hacker News

October 9, 2024 Uncategorized

Researchers Uncover Major Security Vulne...

March 27, 2025 Uncategorized

CISA Warns of Sitecore RCE Flaws; Active...

November 21, 2025 Uncategorized

The New Phishing Click: How OAuth Consent Bypasses MFA

Related posts

Researchers Uncover Major Security Vulne...

CISA Warns of Sitecore RCE Flaws; Active...

Google Brings AirDrop Compatibility to A...

Leave a Comment Cancel reply

Recent News

GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps

DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability

The New Phishing Click: How OAuth Consent Bypasses MFA

Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests