oauth

(3 articles)

June 3, 2026

Microsoft 365 Android Apps Leak Account Tokens

A leftover debug flag in Microsoft 365 Android apps lets any installed app steal account tokens. Here's what developers need to know and do now.

May 19, 2026

OAuth Consent Attacks: Bypassing MFA with Phishing

OAuth consent phishing lets attackers bypass MFA entirely by hijacking app permissions. Learn how the attack works and how to defend your users now.

May 2, 2026

ConsentFix v3: Automated OAuth Abuse Targets Azure

ConsentFix v3 automates OAuth phishing against Azure, bypassing MFA using Pipedream pipelines. Here's how the attack works and what developers must do now.