#oauthsecurityrisk — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #oauthsecurityrisk, aggregated by home.social.
-
OAuth Grants Expose Hidden Risk Below MFA Perimeter
In just five weeks, a phishing-as-a-service platform called EvilTokens compromised over 340 Microsoft 365 organizations across five countries by exploiting a clever trick: instead of stealing passwords, it convinced users to hand over OAuth refresh tokens, granting attackers long-term access to sensitive data like mailboxes, drives, and…
#OauthSecurityRisk #Phishingasaservice #MfaBypass #Eviltokens #Microsoft365