New CoPhish attack targets OAuth tokens through Copilot Studio
A new phishing attack called CoPhish is making waves, and it’s pretty clever. Cybercriminals are using Microsoft Copilot Studio agents to send out fake OAuth consent requests, all while pretending to be from trusted Microsoft domains. This means you might think you’re getting a legitimate request when, in fact, it’s a trap designed to steal your OAuth tokens.
Experts are raising alarms about this method, emphasizing that it’s not just your average phishing scam. The use of legitimate platforms makes it harder to spot. If you get an unexpected request for access, it’s a good idea to double-check before clicking anything. Keeping your accounts secure is more important than ever, so stay vigilant and be cautious with any links or requests that pop up in your inbox.