ConsentFix v3 – OAuth Consent Phishing Campaign Targeting Microsoft Azure and M365

Scope: Microsoft Azure / Microsoft 365 (Entra ID)

Severity: Red

A sophisticated attack campaign dubbed ConsentFix v3 abuses Microsoft OAuth consent flows: users are tricked into approving malicious third-party applications that request excessive permissions, so no credential theft or MFA bypass is needed. Once consent is granted, the attacker holds API access tokens for the user's email, files, profile, and cloud resources, and that access persists indefinitely. Organizations should restrict users' ability to consent to OAuth applications, enforce an admin consent workflow, audit Entra ID for unrecognized applications, and apply conditional access policies aligned with zero trust principles.
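As an added example (not part of this advisory and not Microsoft's tooling), the Python audit below takes an export of Entra ID consent grants and service principals in the shape returned by Microsoft Graph (`oauth2PermissionGrants` and `servicePrincipals`), here replaced by constructed sample records, and flags grants worth reviewing: user-level (`Principal`) consents, grants that include broad or durable delegated scopes such as `offline_access` or mailbox/file scopes, and apps not on a tenant allow-list. The scope list and allow-list are assumptions to tune per tenant.

```python
"""Audit Entra ID OAuth consent grants for ConsentFix-style risk.
Record shape mirrors Microsoft Graph oauth2PermissionGrants / servicePrincipals;
the records below are constructed sample data, not from a real tenant."""
from dataclasses import dataclass

# Delegated scopes that give a consented app broad, durable mailbox/file access.
# Assumption: tune this list for your tenant.
HIGH_RISK_SCOPES = {"offline_access", "Mail.Read", "Mail.ReadWrite", "Mail.Send",
                    "Files.Read.All", "Files.ReadWrite.All", "Sites.Read.All",
                    "Contacts.Read", "Directory.Read.All"}

# Apps the tenant has vetted, keyed by appId. Assumption: maintained by the org.
ALLOWED_APP_IDS = {"11111111-1111-1111-1111-111111111111"}

SERVICE_PRINCIPALS = [  # constructed sample records
    {"id": "sp-1", "appId": "11111111-1111-1111-1111-111111111111", "displayName": "Corp HR Portal"},
    {"id": "sp-2", "appId": "22222222-2222-2222-2222-222222222222", "displayName": "Invoice Viewer"},
]
GRANTS = [  # constructed sample records
    {"id": "g1", "clientId": "sp-1", "consentType": "AllPrincipals", "principalId": None,
     "resourceId": "graph", "scope": "openid profile User.Read"},
    {"id": "g2", "clientId": "sp-2", "consentType": "Principal", "principalId": "user-42",
     "resourceId": "graph", "scope": "openid profile Mail.Read Files.Read.All offline_access"},
]

@dataclass
class Finding:
    grant_id: str
    app_name: str
    app_id: str
    reasons: list

def audit_grants(grants, service_principals, allowed_app_ids=ALLOWED_APP_IDS):
    """Return one Finding per grant that needs review, listing why."""
    sp_by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        sp = sp_by_id.get(g["clientId"], {})
        app_id = sp.get("appId", "unknown")
        scopes = set(g.get("scope", "").split())  # Graph stores scopes space-separated
        reasons = []
        if app_id not in allowed_app_ids:
            reasons.append("app not on tenant allow-list")
        if g.get("consentType") == "Principal":  # consented by an individual user
            reasons.append(f"user-level consent by principal {g.get('principalId')}")
        risky = sorted(scopes & HIGH_RISK_SCOPES)
        if risky:
            reasons.append("high-risk scopes: " + ", ".join(risky))
        if reasons:
            findings.append(Finding(g["id"], sp.get("displayName", "unknown"), app_id, reasons))
    return findings

if __name__ == "__main__":
    for f in audit_grants(GRANTS, SERVICE_PRINCIPALS):
        print(f"[REVIEW] {f.app_name} ({f.app_id}) grant {f.grant_id}: " + "; ".join(f.reasons))
```

A hit on all three reasons at once, as for the sample "Invoice Viewer" grant, is the pattern the advisory describes; a flagged grant is reviewed and, if unrecognized, revoked rather than left in place.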

The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.