New ConsentFix attack hijacks Microsoft accounts via Azure CLI

Published on December 11, 2025

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) verifications. [...]

Continue reading on website
Other news

AI is accelerating cyberattacks. Is your network prepared?

December 11, 2025
AI-driven attacks now automate reconnaissance, generate malware variants, and evade detection at a speed that overwhelms traditional defenses. Corelight explains how network detection and response (NDR) provides the visibility and behavioral insights SOC teams need to spot and stop these fast-moving threats. [...]

Microsoft bounty program now includes any flaw impacting its services

December 11, 2025
Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. [...]