
Microsoft warns OAuth redirect abuse in Entra ID can power phishing and malware delivery

VPN Central [Unofficial] March 3, 2026
Microsoft says attackers are abusing a normal OAuth redirect behavior in Microsoft Entra ID to send victims from trusted login pages to attacker-controlled sites. The technique does not steal OAuth tokens and does not break the OAuth standard. Instead, it forces an authorization error, then uses the redirect path to move the victim to a […] The post Microsoft warns OAuth redirect abuse in Entra ID can power phishing and malware delivery appeared first on VPN Central.
