Security
Headlines
HeadlinesLatestCVEs

Headline

Microsoft Investigation - Threat actor consent phishing campaign abusing the verified publisher process

Summary Summary On December 15th, 2022, Microsoft became aware of a consent phishing campaign involving threat actors fraudulently impersonating legitimate companies when enrolling in the Microsoft Cloud Partner Program (MCPP) (formerly known as Microsoft Partner Network (MPN)). The actor used fraudulent partner accounts to add a verified publisher to OAuth app registrations they created in Azure AD.

msrc-blog
#microsoft#git#oauth#auth

msrc-blog: Latest News

Congratulations to the Top MSRC 2024 Q3 Security Researchers!