Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.

Hackers target Microsoft Entra accounts in device code vishing attacks

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...
Forbes

Microsoft Issues Mandatory 2FA Login Deadline Alert

Microsoft's public cloud computing platform, Azure, was recently targeted by a cyberattack that led to a multi-hour outage. While a newly announced mandatory two-factor authentication login ...
Neowin

Microsoft 365 will soon disable outdated authentication protocols for file access0 0

Microsoft has announced that it is getting rid of some legacy authentication protocols that are used to access files across Microsoft 365 and SharePoint. On a fairly regular basis, Microsoft disables ...

Microsoft joins FIDO to search for new password replacing technology

Microsoft has now joined the FIDO Alliance (Fast IDentity Online) which is actively trying to develop a new authentication ecosystem that can be used in place of passwords. There are various methods ...
Bleeping Computer

New downgrade attack can bypass FIDO auth in Microsoft Entra ID

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and ...