Microsoft warns of OAuth phishing campaigns able to bypass email and browser defenses - says 'these campaigns demonstrate that this abuse is operational, not th…

In recently spotted attacks, the crooks would send phishing emails to government and public sector organizations, usually ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.