SECURITYTHE HACKER NEWS
The New Phishing Click: How OAuth Consent Bypasses MFA
A phishing-as-a-service platform called EvilTokens compromised over 340 Microsoft 365 organizations across five countries in just five weeks. The targets received a message asking them to enter a short code and complete their normal MFA challenge. This phishing attack bypassed multi-factor authentication.