VMTECH · INSTAGRAM

OAuth consent: a new phishing vector bypassing MFA


Colleagues, I want to draw attention to a cybersecurity trend: phishing via OAuth consent is escalating into mass attacks.

In February 2026 the phishing-as-a-service kit 'EvilTokens' compromised more than 340 Microsoft 365 organizations in five weeks. Users entered a code at microsoft.com/devicelogin and granted consent, and the attackers obtained refresh tokens for mail and OneDrive. No password was needed, and MFA did not prevent the breach.

Key risks:
• OAuth grants leave no interactive sign-in trace and can be refreshed silently for as long as the grant stands.
• Toxic grant combinations link apps through a single identity.
• MCP/agents broaden the attack surface.

Why it matters: tokens must be monitored and revoked at the grant level; blocking the account alone is not enough.
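As an added illustration of grant-level monitoring (example code written for this post, not VMTech's tooling), the script below reads consent-grant audit events and flags the patterns named above: grants that carry a refresh token, "toxic" combinations of mail and file access behind one identity, and user consent to apps from unverified publishers. The audit lines, their field names and the severity rules are constructed assumptions for the example; only the scope names follow the Microsoft Graph permission names.

```python
"""Flag risky OAuth consent grants from audit events (constructed sample data)."""
import json

# Scope families used by this example. The names are Microsoft Graph
# permission names; the grouping into families is this example's own.
REFRESHABLE = {"offline_access"}  # consent to this scope yields a refresh token
MAIL_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send"}
FILE_SCOPES = {"Files.Read", "Files.Read.All", "Files.ReadWrite", "Files.ReadWrite.All"}

# Constructed consent-grant audit events, one JSON object per line.
# The field names are assumptions for this example, not a real tenant's schema.
SAMPLE_AUDIT_LINES = """
{"grant_id": "g-001", "user": "alice@example.com", "app_name": "Contoso Expense", "publisher_verified": true, "consent_type": "admin", "scopes": ["User.Read"]}
{"grant_id": "g-002", "user": "bob@example.com", "app_name": "Mail Sync Helper", "publisher_verified": false, "consent_type": "user", "scopes": ["offline_access", "Mail.ReadWrite", "Files.ReadWrite.All"]}
{"grant_id": "g-003", "user": "carol@example.com", "app_name": "Team Calendar", "publisher_verified": true, "consent_type": "user", "scopes": ["offline_access", "Calendars.Read"]}
""".strip().splitlines()


def parse_events(lines):
    """Parse JSON-lines audit records, skipping blank or malformed lines."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a production collector would log the bad line; here it is skipped
    return events


def assess_grant(event):
    """Return (severity, reasons) for one consent grant."""
    scopes = set(event.get("scopes", []))
    reasons = []
    if scopes & REFRESHABLE:
        reasons.append("refreshable: offline_access grants a long-lived refresh token")
    if scopes & MAIL_SCOPES and scopes & FILE_SCOPES:
        reasons.append("toxic combination: mail and file access through one grant")
    if not event.get("publisher_verified", False) and event.get("consent_type") == "user":
        reasons.append("user consent to an app from an unverified publisher")

    # A refreshable grant with at least one more risk indicator is treated as high.
    if len(reasons) >= 2 and scopes & REFRESHABLE:
        severity = "high"
    elif reasons:
        severity = "medium"
    else:
        severity = "none"
    return severity, reasons


def find_risky_grants(lines):
    """Return the grants worth reviewing or revoking, highest severity first."""
    order = {"high": 0, "medium": 1}
    findings = []
    for ev in parse_events(lines):
        severity, reasons = assess_grant(ev)
        if severity != "none":
            findings.append({
                "grant_id": ev["grant_id"],
                "user": ev["user"],
                "app_name": ev["app_name"],
                "severity": severity,
                "reasons": reasons,
            })
    findings.sort(key=lambda f: order[f["severity"]])  # stable: input order within a level
    return findings


if __name__ == "__main__":
    for finding in find_risky_grants(SAMPLE_AUDIT_LINES):
        print(f"[{finding['severity'].upper()}] {finding['grant_id']} "
              f"{finding['user']} -> {finding['app_name']}")
        for reason in finding["reasons"]:
            print("   -", reason)
```

Each finding carries the grant identifier rather than only the user, so the response action is revoking that specific grant (and its refresh token) instead of disabling the whole account, which is the distinction the post is making.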

What measures have you implemented to control OAuth grants?

#cybersecurity #IdentitySecurity #OAuth #MFA
