Skip to content
The Nexus
SECURITYMay 19 · 11:30 UTCTHE HACKER NEWS[email protected] (The Hacker News)

The New Phishing Click: How OAuth Consent Bypasses MFA

A phishing-as-a-service platform called EvilTokens compromised over 340 Microsoft 365 organizations across five countries in just five weeks. The targets received a message asking them to enter a short code and complete their normal MFA challenge. This phishing attack bypassed multi-factor authentication.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this