Microsoft Warns of Phishing Campaigns Using OAuth Redirection

Microsoft issued a warning on Monday about phishing campaigns leveraging phishing emails and OAuth URL redirection techniques to evade standard phishing defenses in email and browser security measures. The attacks specifically target government and public-sector organizations, aiming to redirect victims to attacker-controlled infrastructure without exfiltrating authentication tokens. No specific malware families, technical indicators, or CVE IDs were disclosed in the notice. The activity was attributed to unidentified threat actors, with no exact timeline or geographic scope provided beyond the sector focus. The primary impact involves bypassing security controls to facilitate unauthorized access or further compromise.