Cyber Security

The New Phishing Click: How OAuth Consent Bypasses MFA

The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries.  The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a
Read More

Related Posts

Canonical ships Ubuntu Core 26 with 15 years of security maintenance

Canonical ships Ubuntu Core 26 with 15 years of securit...

iProov brings identity verification to video meetings to reduce fraud risks

iProov brings identity verification to video meetings t...

GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials

GitHub Actions Supply Chain Attack Redirects Tags to St...

Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

Drupal to Release Urgent Core Security Updates on May 2...

New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain

New macOS infostealer impersonates Apple, Microsoft, an...

Earbud sensors can authenticate users by their heartbeat, study finds

Earbud sensors can authenticate users by their heartbea...