home.social

#oauthsecurityrisk — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #oauthsecurityrisk, aggregated by home.social.

  1. OAuth Grants Expose Hidden Risk Below MFA Perimeter

    In just five weeks, a phishing-as-a-service platform called EvilTokens compromised over 340 Microsoft 365 organizations across five countries by exploiting a clever trick: instead of stealing passwords, it convinced users to hand over OAuth refresh tokens, granting attackers long-term access to sensitive data like mailboxes, drives, and…

    osintsights.com/oauth-grants-e

    #OauthSecurityRisk #Phishingasaservice #MfaBypass #Eviltokens #Microsoft365