Bleeping Computer

New ConsentFix attack hijacks Microsoft accounts via Azure CLI

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) ...
techtimes

Beware Microsoft Azure Users: AutoWarp Bug Can Allow Unauthorized Access to Your Accounts

Microsoft has recently fixed a bug on the Azure Automation service, granting attackers unpermitted access to customers' sensitive information. Further details have been disclosed by the Redmond giant ...
Ars Technica

Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA

Hundreds of Microsoft Azure accounts, some belonging to senior executives, are being targeted by unknown attackers in an ongoing campaign that’s aiming to steal sensitive data and financial assets ...