URL has been copied successfully!
The New Phishing Click: How OAuth Consent Bypasses MFA
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

The New Phishing Click: How OAuth Consent Bypasses MFA


Tags: , , ,

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a

First seen on thehackernews.com

Jump to article: thehackernews.com/2026/05/the-new-phishing-click-how-oauth.html

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Top 10 cybersecurity misconfigurations: Nail the setup to avoid attacks
  2. The 2024 cyberwar playbook: Tricks used by nation-state actors
  3. Privacy Roundup: Week 12 of Year 2025
  4. VoidProxy phishing-as-a-service operation steals Microsoft, Google login credentials