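According to a report Microsoft published on Monday, these phishing attacks primarily target government and public-sector organizations. Although Microsoft Entra has disabled the malicious OAuth applications, Microsoft's information security team warned that "related OAuth activity persists and requires ongoing monitoring." OAuth is a commonly used online authorization standard that allows authentication using third-party credentials. When a website offers the option to sign in with a Google, Facebook, or Apple account, it is typically using the OAuth standard.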
While some of the campaigns have been found to leverage the technique to deliver malware, others send users to pages hosted on phishing frameworks such as EvilProxy, which act as an ...
OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.
North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
Overview: On February 11, 2026, NSFOCUS CERT monitored Microsoft’s release of its February security update patches, addressing 59 security issues across widely used products such as Windows, Azure, ...
Claude Code is the new AI coding assistant that many users are using in their workflows. Here's everything you need to know ...
As Chief Information Security Officers (CISOs) and security leaders, you are tasked with safeguarding your organization in an ...
Spaceship vs DreamHost: Which host is best for beginners?
This study presents valuable findings implicating nuclear export in the regulation of protein condensate behaviour and TDP-43 phase behaviour, suggesting a link to pathogenic aggregation in ALS/FTD.