A new active phishing attack that exploits OAuth’s legitimate redirection behavior, allowing it to bypass traditional email and browser defenses without stealing any tokens. According to Microsoft Defender researchers, the campaigns primarily target government and public-sector organizations, using trusted identity provider domains to mask malicious redirects. Unlike traditional phishing that relies on credential theft or […] The post Microsoft Warns of New Phishing Attack Exploiting OAuth in Entra ID to Evade Detection appeared first on Cyber Security News.