Threats Tagged 'oauth hijacking'
View all threats tagged with 'oauth hijacking'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'oauth hijacking'
Click on any threat for detailed analysis and mitigation recommendations
PHISH ALERT: Press Play for Compromise — Voicemail Phishing Kit Bundles SSO Hijacking, Credential Theft, and RMM Delivery 0 An advanced voicemail-themed phishing campaign is utilizing HTML attachments to hijack Microsoft 365 sessions through silent OAuth exploitation. Emails arrive spoofing legitimate businesses with fake voicemail notifications containing embedded HTML files. When victims click the play button, the kit triggers a rogue OAuth 2.0 request using the prompt=none parameter to steal authentication tokens from active M365 sessions. If no active session exists, victims are redirected to credential harvesters hosted on compromised infrastructure, specifically a Turkish domain hosting over 100 active campaign directories. The operation includes multiple attack vectors: fake login portals mimicking DocuSign, Outlook and Google, OAuth device code phishing interfaces, and RMM deployment disguised as document viewers. This represents a sophisticated Phishing-as-a-Service operation deploying concurrent attack types from consolidated infrastructure. Join the discussion | AlienVault OTX General | 06/10/2026, 10:57:37 UTC Added: 06/10/2026, 11:12:10 UTC |
Showing 1 to 1 of 1 result