It seems that OAuth phishing attacks are back, I thought the approval process setup by Google and Microsoft killed that. Any idea how these attacks are bypassing the process? #infosec
https://www.microsoft.com/en-us/security/blog/2026/03/02/oauth-redirection-abuse-enables-phishing-malware-delivery/
Etienne / Tek
npub17f…uklzl
2026-03-05 12:48:28 UTC
Author Public Key
npub17fkjysdfs2qtv8g8mj90k879vfdehr52tr6epaynvwfxx2xetzdquuklzlSeen on
wss://relay.momostr.pinkPublished at
2026-03-05 12:48:28 UTCEvent JSON
{
"id": "5211dce348617ba5bb8ef23823be184d6a20bd65d7d9af83737b956fff25b9ca",
"pubkey": "f26d2241a98280b61d07dc8afb1fc5625b9b8e8a58f590f49363926328d9589a",
"created_at": 1772714908,
"kind": 1,
"tags": [
[
"t",
"infosec"
],
[
"proxy",
"https://todon.eu/@tek/116176644217332962",
"web"
],
[
"proxy",
"https://todon.eu/users/tek/statuses/116176644217332962",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://todon.eu/users/tek/statuses/116176644217332962",
"pink.momostr"
],
[
"-"
]
],
"content": "It seems that OAuth phishing attacks are back, I thought the approval process setup by Google and Microsoft killed that. Any idea how these attacks are bypassing the process? #infosec \nhttps://www.microsoft.com/en-us/security/blog/2026/03/02/oauth-redirection-abuse-enables-phishing-malware-delivery/",
"sig": "999fcbcb974e637e697162284e889eb2ea26e71e10259abb4204d5b0925d736502828f4156b1d650ba38e996203a05af817e08fe0478ad5196f492d78df46c53"
}