Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations’ cloud environments and steal email.
“The applications created by these fraudulent actors were then used in a consent phishing campaign, which tricked users into granting
Source: Google Hacker News
Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts
