Sign up to save your podcasts
Or
Share Don’t trust that app!
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Don’t trust that app!
While our team is out on winter break, please enjoy this episode of Research Saturday.
Today we are joined by Selena Larson, co-host of Only Malware in the Building and Staff Threat Researcher and Lead Intelligence Analysis and Strategy at Proofpoint, sharing their work on "Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing." Proofpoint researchers have identified campaigns where threat actors use fake Microsoft OAuth apps to impersonate services like Adobe, DocuSign, and SharePoint, stealing credentials and bypassing MFA via attacker-in-the-middle phishing kits, mainly Tycoon.
These attacks redirect users to fake Microsoft login pages to capture credentials, 2FA tokens, and session cookies, targeting nearly 3,000 Microsoft 365 accounts across 900 environments in 2025. Microsoft’s upcoming security changes and strengthened email, cloud, and web defenses, along with user education, are recommended to reduce these risks.
The research can be found here:
Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing
Learn more about your ad choices. Visit megaphone.fm/adchoices
View all episodes
By N2K Networks
4.8
10061,006 ratings
While our team is out on winter break, please enjoy this episode of Research Saturday.
Today we are joined by Selena Larson, co-host of Only Malware in the Building and Staff Threat Researcher and Lead Intelligence Analysis and Strategy at Proofpoint, sharing their work on "Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing." Proofpoint researchers have identified campaigns where threat actors use fake Microsoft OAuth apps to impersonate services like Adobe, DocuSign, and SharePoint, stealing credentials and bypassing MFA via attacker-in-the-middle phishing kits, mainly Tycoon.
These attacks redirect users to fake Microsoft login pages to capture credentials, 2FA tokens, and session cookies, targeting nearly 3,000 Microsoft 365 accounts across 900 environments in 2025. Microsoft’s upcoming security changes and strengthened email, cloud, and web defenses, along with user education, are recommended to reduce these risks.
The research can be found here:
Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing
Learn more about your ad choices. Visit megaphone.fm/adchoices
More shows like CyberWire Daily
View all
Hacked
186 Listeners
Security Now (Audio)
2,010 Listeners
WSJ Tech News Briefing
1,651 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
371 Listeners
Risky Business
373 Listeners
SpyCast
1,533 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
653 Listeners
Smashing Security
318 Listeners
Click Here
418 Listeners
Darknet Diaries
8,079 Listeners
Cybersecurity Today
177 Listeners
Hacking Humans
316 Listeners
CISO Series Podcast
194 Listeners
Defense in Depth
73 Listeners
Cybersecurity Headlines
140 Listeners