The New Phishing Click: How OAuth Consent Bypasses MFA | HappeningNow.news
Published Date: July 08, 2026

Cybersecurity · 5 views

The New Phishing Click: How OAuth Consent Bypasses MFA

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live.

Source The Hacker News AI Summary Updated May 19, 2026
Story intelligence Beta
Freshness Stale Updated May 19, 2026
Confidence Limited Single-outlet story
Coverage Single outlet
Views 5 Community interest
Read time 1 min ~57 words

AI Summary

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries.  The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a

Read full article on The Hackernews

AI summaries can be wrong sometimes—always verify important details using the source article.

More coverage on this topic

Eviltokens3 stories
View all Eviltokens coverage
SUPPORT HAPPENINGNOW · Independent AI News Intelligence
SUPPORTER MESSAGE

Enjoyed this article? Consider supporting HappeningNow to help keep independent AI-powered news analysis moving forward. Your contribution helps cover infrastructure, AI summaries, and continued platform development.

Support HappeningNow