In a year-end tradition that has become all too familiar for cybersecurity defenders, researchers have uncovered a novel attack vector targeting Microsoft Entra ID that weaponizes legitimate OAuth 2.0 authentication flows to harvest privileged access tokens. The technique, dubbed “ConsentFix” by PushSecurity, represents an evolution of the ClickFix social engineering paradigm, enabling threat actors to […]
The post New OAuth Attack Lets Hackers Bypass Microsoft Entra Authentication and Steal Keys appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Read the original article: