Information security
from The Hacker News
6 hours ago
The New Phishing Click: How OAuth Consent Bypasses MFA
EvilTokens used OAuth consent to steal refresh tokens, bypassing MFA and avoiding sign-in detection by exploiting routine user clicks on microsoft.com/devicelogin.