Microsoft: Hackers abuse OAuth error flows to spread malware

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take ...
Security Boulevard

The DocuSign Email That Wasn’t – A Three-Redirect Credential Harvest

TL;DR Attackers sent a convincing DocuSign notification with a "Review & Sign" button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
The Hacker News

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The ...
Windows Report

Microsoft Warns of New OAuth Phishing Technique Abusing Trusted Login Redirects

Microsoft uncovers OAuth phishing campaigns that abuse login redirects to deliver malware and steal credentials.
Forbes

Open Redirect Attacks: What Are They And How To Avoid Them

Imagine receiving a promotional email from a business you trust, sending you a “one-time-only” offer for being a customer. Because the offer sounds too good to be true, you suspect that something ...
Search Engine Land

An SEO’s guide to redirects

Redirects are a way of moving a webpage visitor from an old address to a new one without further action from them. Each webpage has a unique reference, a URL, to enable browsers to request the correct ...
Search Engine Land

Too many redirects: How to fix loop errors and protect SEO

Seeing the “too many redirects” page pop up isn’t just a browser error, it’s also a silent SEO killer. Every time a URL sends a visitor or search engine crawler to another URL automatically—called a ...