Bleeping Computer

Microsoft: Exchange servers hacked via OAuth apps for phishing

Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending ...
ZDNet

Microsoft warning: These phishing attackers used fake OAuth apps to steal email

Microsoft has warned that fraudulent Microsoft Partner Network (MPN) accounts were used in a phishing campaign that featured bogus apps that tricked victims into granting them permissions to access ...
SiliconANGLE

Malicious OAuth applications used to compromise Microsoft Exchange servers

Microsoft Corp. researchers today detailed a recent attack involving malicious OAuth applications that were deployed on compromised cloud tenants to control Exchange servers and spread spam. The ...