Microsoft says attackers abuse OAuth error redirects to deliver phishing and malware

Threat actors are abusing a legitimate part of OAuth to turn trusted Microsoft login links into phishing and malware delivery paths. In a new report, Microsoft says attackers target government and public-sector organizations with phishing emails that contain OAuth authorization URLs, then force authentication errors that redirect victims to attacker-controlled pages. The trick does not […] The post Microsoft says attackers abuse OAuth error redirects to deliver phishing and malware appeared first on VPN Central.