Bleeping Computer

New ConsentFix attack hijacks Microsoft accounts via Azure CLI

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) ...
techtimes

Beware Microsoft Azure Users: AutoWarp Bug Can Allow Unauthorized Access to Your Accounts

Microsoft has recently fixed a bug on the Azure Automation service, granting attackers unpermitted access to customers' sensitive information. Further details have been disclosed by the Redmond giant ...
Bleeping Computer

Ongoing Microsoft Azure account hijacking campaign targets executives

A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives. Hackers target executives' ...