Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. […]
Tag: redirection
AI, Global Security News, Government & Policy, malware
Threat actors weaponize OAuth redirection logic to deliver malware
An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have revealed. The attackers are targeting government and public-sector organizations, and redirecting unsuspecting users from trusted login pages to their own infrastructure, to serve malware or capture login credentials. The attack, from the victim’s…