#oauth-20

[ follow ]
#device-code-phishing #mfa-bypass #microsoft-365 #account-compromise #localhost-callback #clidesktop-apps
Information security
fromComputerworld
6 hours ago

New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Attackers trick employees into registering a hacker-controlled device via OAuth device authorization, granting persistent access to Microsoft accounts and bypassing MFA.
Node JS
fromHackernoon
6 months ago

How to Capture OAuth Callbacks in CLI and Desktop Apps with Localhost Servers | HackerNoon

Use a temporary localhost HTTP server to capture OAuth authorization codes for CLI and desktop apps, enabling native OAuth flows without a public-facing callback URL.
Growth hacking
fromTechzine Global
9 months ago

Hackers exploit OAuth 2.0 workflows to hijack accounts

Russian hackers exploit OAuth 2.0 to gain unauthorized access to Microsoft 365 accounts of organizations connected to Ukraine.
[ Load more ]