CyberSecurityBoard
Sponsor Register Login

Hackers Weaponizing OAuth Applications to Breach Accounts and Steal Data

OAuth applications are increasingly being exploited by hackers to gain unauthorized access to user accounts and sensitive data. This attack vector leverages the OAuth authorization framework, which is widely used for secure delegated access, to trick users into granting malicious apps permissions. Cybercriminals create fake or compromised OAuth apps that appear legitimate, convincing users to authorize them. Once authorized, these apps can access personal information, emails, contacts, and even corporate resources without needing passwords. The rise in OAuth-based attacks highlights the need for organizations and users to implement stricter app vetting, continuous monitoring, and user education on recognizing suspicious authorization requests. Enhanced security measures such as multi-factor authentication, OAuth app permission reviews, and limiting third-party app access can mitigate these risks. This article explores the tactics used by attackers, the impact on individuals and enterprises, and best practices to defend against OAuth exploitation.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 22 Oct 2025 21:25:17 +0000


Cyber News related to Hackers Weaponizing OAuth Applications to Breach Accounts and Steal Data

Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
2 years ago Microsoft.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 year ago Aws.amazon.com
Attackers Target Microsoft Accounts to Weaponize OAuth Apps - Threat actors are abusing organizations' weak authentication practices to create and exploit OAuth applications, often for financial gain, in a string of attacks that include various vectors, including cryptomining, phishing, and password spraying. ...
2 years ago Darkreading.com
Microsoft Disables Verified Partner Accounts Used for OAuth Phishing - Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations cloud environments to steal email. In a joint announcement between Microsoft and Proofpoint, ...
3 years ago Bleepingcomputer.com
Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns - Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. OAuth is an open standard authentication protocol that uses tokens to grant applications access to ...
2 years ago Helpnetsecurity.com Hunters
Data thieves abuse Microsoft's 'verified publisher' status The Register - Miscreants using malicious OAuth applications abused Microsoft's "Verified publisher" status to gain access to organizations' cloud environments, then steal data and pry into to users' mailboxes, calendars, and meetings. According to researchers with ...
3 years ago Packetstormsecurity.com Lazarus Group
What Is OAuth 2.0? - Scope of Access: Before OAuth, the meal planning app might have access to data that the user did not actually wish to share. No Way to Revoke Access: Before OAuth, the user could not easily restrict or revoke the meal planning app's access to their ...
2 years ago Feeds.dzone.com
Five best practices for securing Active Directory service accounts - Windows Active Directory (AD) service accounts are prime cyber-attack targets due to their elevated privileges and automated/continuous access to important systems. To support software-specific functions, service accounts require elevated permissions ...
1 year ago Bleepingcomputer.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
2 years ago Securityboulevard.com
Hackers Abuse OAuth Applications to Automated Finacial Attacks - OAuth is an industry-standard protocol that allows third-party applications to access a user's data without exposing login credentials. This standard protocol facilitates secure authorization and authentication, commonly used to access resources on ...
2 years ago Cybersecuritynews.com
Money-grubbing crooks abuse OAuth apps for BEC, phishing The Register - Multiple miscreants are misusing OAuth to automate financially motivated cyber crimes - such as business email compromise, phishing, large-scale spamming campaigns - and deploying virtual machines to illicitly mine for cryptocurrencies, according to ...
2 years ago Go.theregister.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
2 years ago Securityzap.com
Microsoft: OAuth apps used to automate BEC and cryptomining attacks - Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. OAuth is an open standard for granting apps secure delegated access to server ...
2 years ago Bleepingcomputer.com
Find hidden malicious OAuth apps in Microsoft 365 using Cazadora - Microsoft 365 environments are increasingly targeted by attackers leveraging malicious OAuth applications to gain unauthorized access and persist within organizations. These hidden OAuth apps can bypass traditional security controls, making detection ...
4 months ago Bleepingcomputer.com
Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Hack Corporate Email Accounts - Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations' cloud environments and steal email. ...
3 years ago Thehackernews.com
Latest Information Security and Hacking Incidents - User data security has grown critical in an era of digital transactions and networked apps. The misuse of OAuth applications is a serious danger that has recently attracted attention in the cybersecurity field. OAuth is a widely used authentication ...
2 years ago Cysecurity.news
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
2 years ago Bleepingcomputer.com APT29
Hackers Weaponizing OAuth Applications to Breach Accounts and Steal Data - OAuth applications are increasingly being exploited by hackers to gain unauthorized access to user accounts and sensitive data. This attack vector leverages the OAuth authorization framework, which is widely used for secure delegated access, to trick ...
4 months ago Cybersecuritynews.com APT29
CVE-2025-4143 - The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp , did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. ...
10 months ago
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
1 year ago Securityboulevard.com APT29
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts - Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. The attacks are similar to those reported years ago, indicating that OAuth apps ...
11 months ago Bleepingcomputer.com
Goto Customers Backup Data Breach: Protect Your Business and Handle Data Breach Risks - A data breach at Goto customers exposed their backup data to malicious actors, leading to a data breach that impacted those customers. Businesses need to be aware of the risks associated with data breaches and how to protect their organisations from ...
3 years ago Securityaffairs.com
CISA orders agencies impacted by Microsoft hack to mitigate risks - CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. It requires them to investigate potentially ...
1 year ago Bleepingcomputer.com APT29
HPE investigates new breach after data for sale on hacking forum - Hewlett Packard Enterprise is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information. The company has told ...
2 years ago Bleepingcomputer.com APT1 APT29
Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyberattack - Microsoft has released new guidance for organizations on how to protect against persistent nation-state attacks like the one disclosed a few days ago that infiltrated its own corporate email system. A key focus of the guidance is on what ...
2 years ago Darkreading.com Cozy Bear

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)