Microsoft: Hackers abuse OAuth error flows to spread malware

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages.
The Hacker News

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

While some of the campaigns have been found to leverage the technique to deliver malware, others send users to pages hosted on phishing frameworks such as EvilProxy, which act as an ...

Fake Google Security site uses PWA app to steal credentials, MFA codes

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time ...
CSO Online

OAuth phishers make ‘check where the link points’ advice ineffective

Microsoft has identified a phishing campaign using malformed links to legitimate OAuth services to redirect to malware ...
Cloud Security Alliance

AI Security: When Authorization Outlives Intent

A silent 2025 SaaS breach shows how dormant tokens enable access and authorization drift in AI systems, pushing durable, short-lived credentials with real-time checks.
The Verge

Microsoft fixes Notepad flaw that could trick users into clicking malicious Markdown links

Bad actors could use the flaw to remotely load and execute malicious files on a victim’s computer. Bad actors could use the flaw to remotely load and execute malicious files on a victim’s computer. is ...
Geeky Gadgets

ChatGPT 5.3 Codex Moves Ahead on Code, While Claude’s 4.6 AI Banks on Reliability

What if the future of coding wasn’t just faster, but smarter, safer, and more collaborative than ever before? In this walkthrough, Better Stack shows how the latest advancements in AI coding models, ...
WeLiveSecurity

Award-winning news, views, and insight from the ESET security community

Start using a new app and you’ll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks. Faking it on the phone: How to tell if a ...