BleepingComputer · Friday · July 3, 2026

ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds

microsoft-365 · oauth · phishing · security

BleepingComputer reports a novel attack vector targeting Microsoft 365 accounts, dubbed ConsentFix and ClickFix. The technique allows attackers to hijack accounts in as little as three seconds by exploiting OAuth consent phishing. The attack tricks users into granting permissions to malicious applications, thereby giving attackers access to the victim's account and data. The report highlights the speed and simplicity of the attack, emphasizing the risk to Microsoft 365 users.

// why it matters

Developers must be aware of OAuth consent phishing risks to prevent rapid account takeovers.

Sources

Primary · BleepingComputer
▸ Read original at bleepingcomputer.com
