Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

Published: 2 days ago (March 3, 2026 at 04:20 AM EST)

1 min read

Source: The Hacker News

Overview

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers.

The activity, the company said, targets government and public‑sector organizations with the end goal of redirecting victims to attacker‑controlled infrastructure without stealing their tokens. It described…

Back to Blog

Europol-coordinated action disrupts Tycoon2FA phishing platform

!https://www.bleepstatic.com/content/hl-images/2024/05/13/Phishing.jpg Operation Overview An international law‑enforcement operation coordinated by Europol disr...

Microsoft: Hackers abuse OAuth error flows to spread malware

!https://www.bleepstatic.com/content/hl-images/2024/05/13/Phishing.jpg Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protect...

Hacked App Part of US/Israeli Propaganda Campaign Against Iran

Wired has the storyhttps://www.wired.com/story/hacked-prayer-app-sends-surrender-messages-to-iranians-amid-israeli-strikes/?_sp=cac71a7f-c88a-42bc-b4ca-23c1ce88...

Fake LastPass support email threads try to steal vault passwords

!https://www.bleepstatic.com/content/hl-images/2024/04/11/LastPass-headpic.jpg Phishing campaign overview Password management software provider LastPass is warn...

Overview

Related posts

Europol-coordinated action disrupts Tycoon2FA phishing platform

Microsoft: Hackers abuse OAuth error flows to spread malware

Hacked App Part of US/Israeli Propaganda Campaign Against Iran

Fake LastPass support email threads try to steal vault passwords