{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreieazwltm5qj52iiqek7zytv4yarg5y3tvtymxt5gs5mksq3mwcfcm",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mm7iyq3kik22"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreia32ency3f5ty5hmq2dzylmadgat5cfzpqm5xgo63eiljsimzvyzu"
    },
    "mimeType": "image/jpeg",
    "size": 212545
  },
  "path": "/2026/05/the-new-phishing-click-how-oauth.html",
  "publishedAt": "2026-05-19T11:30:00.000Z",
  "site": "https://thehackernews.com",
  "textContent": "In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a",
  "title": "The New Phishing Click: How OAuth Consent Bypasses MFA"
}