TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

The New Phishing Click: How OAuth Consent Bypasses MFA

By rooter

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. 

The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

rooter
Cyber Security

SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access

rooter
Cyber Security

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

rooter

Leave a Reply

You Missed

News

‘The Mandalorian and Grogu’ Is Not the Way for ‘Star Wars’

News

FTC’s Strict Anti-Deepfake Rule Kicks in Today. Here’s What That Means for Grok

News

Nintendo keeps finding new ways to reinvent platformers

News

Microsoft launches Surface Pro 12 and Surface Laptop 8 with Intel chips