

ConsentFix debrief: Insights from the new OAuth phishing attack
Published: 14 January 2026 at 15:01:11
Alert date: 14 January 2026 at 16:00:46
Source: bleepingcomputer.com
Identity & Access, Web Technologies
ConsentFix is a new OAuth phishing technique that abuses browser-based authorization flows to hijack Microsoft accounts. Push Security provides insights from its continued tracking and from community research into this evolving attack method. The technique is a sophisticated approach to account takeover through OAuth abuse, specifically targeting Microsoft account credentials through authorization flow manipulation. Attackers continue to evolve their techniques as the campaign progresses.
Technical details
Affected products:
Microsoft OAuth
Microsoft Accounts
This article was created with the assistance of AI technology by Perceptive.

