The attacks are similar to those reported years ago, indicating that OAuth apps remain an effective way to hijack Microsoft 365 accounts without stealing credentials. Users are advised to be ...

Phishing attackers bypassed Microsoft's verified publisher checks to create apps that dupe victims into granting access to their online accounts.

Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to get into Microsoft 365 accounts.

Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations' cloud environments to steal email.

Proofpoint discovers threat actors targeting verified status in the Microsoft environment to abuse OAuth privileges and lure users into authorizing malicious apps.