#oauth-20
#oauth-20

[ follow ]

New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Attackers trick employees into registering a hacker-controlled device via OAuth device authorization, granting persistent access to Microsoft accounts and bypassing MFA.

Node JS

fromHackernoon

7 months ago

How to Capture OAuth Callbacks in CLI and Desktop Apps with Localhost Servers | HackerNoon

Use a temporary localhost HTTP server to capture OAuth authorization codes for CLI and desktop apps, enabling native OAuth flows without a public-facing callback URL.

Growth hacking

fromTechzine Global

10 months ago

Hackers exploit OAuth 2.0 workflows to hijack accounts

Russian hackers exploit OAuth 2.0 to gain unauthorized access to Microsoft 365 accounts of organizations connected to Ukraine.

[ Load more ]

#oauth-20#oauth-20

New phishing campaign tricks employees into bypassing Microsoft 365 MFA

How to Capture OAuth Callbacks in CLI and Desktop Apps with Localhost Servers | HackerNoon

Hackers exploit OAuth 2.0 workflows to hijack accounts

#oauth-20
#oauth-20