ConsentFix Attack: New Phishing Bypasses MFA to Hijack Microsoft Accounts via OAuth Code
A new technique dubbed “ConsentFix” expands upon the already known ClickFix social engineering attack, enabling the hijacking of Microsoft accounts without passwords or multi-factor authentication. To achieve this, attackers exploit the legitimate Azure CLI...
