Security Feed
  1. Archives

Dec 11 2025 New ConsentFix attack hijacks Microsoft accounts via Azure CLI

Source

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) verifications. [...]

Posted by Bill Toulas on Thu 11 December 2025 in BleepingComputer.

Tags: Security, Microsoft.

Categories

  1. Ars Technica
  2. AWS Security
  3. BleepingComputer
  4. Brian Krebs
  5. Bruce Schneier
  6. GCP Security
  7. Google Project Zero
  8. The Daily Swig
  9. The Guardian
  10. The Register
  11. Threatpost

Tag cloud

  • Security
  • Uncategorized
  • Security, Identity, & Compliance
  • Security Blog
  • Biz & IT
  • Microsoft
  • Security & Identity
  • AI
  • Google
  • CryptoCurrency
  • Announcements
  • Foundational (100)
  • A Little Sunshine
  • Legal
  • Artificial Intelligence
  • Mobile
  • privacy
  • Apple
  • squid
  • Intermediate (200)
  • Advanced (300)
  • The Coming Storm
  • Technical How-to
  • hacking
  • vulnerabilities

Security Feed. Powered by Pelican and m.css. Code is available on GitLab.