ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
By
Sponsored by Huntress Labs
2d ago
Source
BleepingComputerConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Secondsbleepingcomputer.comConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. [...]
You might also wanna read
FBI warns of Kali365 phishing kit that bypasses multifactor authentication on Microsoft 365
The FBI has issued a public service announcement about a new phishing-as-a-service kit called Kali365, which allows criminals to hijack Micr
Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery
thehackernews.com·3d ago
FBI warns Kali365 phishing scam bypasses Microsoft 365 multi-factor authentication
The FBI has issued a warning about a new phishing scam called Kali365 that targets Microsoft 365 accounts. The scam allows hackers to bypass
ClickFix Malware Scam Goes Mainstream: Fake CAPTCHA Tests Trick Users Into Infecting Their PCs
The article reports on the "ClickFix" malware scam, a social engineering attack that tricks website visitors into pressing keyboard shortcut
krebsonsecurity.com·14d ago
Fake Claude Code Installers on Google Sites Steal Credentials via ClickFix Attack
Cybercriminals are exploiting the popularity of AI developer tools like Claude Code and OpenAI Codex by hosting fake installer pages on trus
cybersecuritynews.com·1mo agoBrowser-in-the-Browser phishing campaign targets Microsoft 365 users with fake OAuth login popups
Palo Alto Networks Unit 42 has identified a new Browser-in-the-Browser (BitB) phishing campaign targeting Microsoft 365 users. The attack us

Comments
Sign in to join the conversation.
No comments yet. Be the first.