New ConsentFix v3 attack automates Microsoft Azure account hijacking

May 4, 2026
By SC Staff

A new attack technique dubbed ConsentFix v3 has emerged, automating the hijacking of Microsoft Azure accounts through a sophisticated phishing scheme. This latest iteration builds upon previous versions by incorporating enhanced automation and scalability to bypass security measures. The attack leverages social engineering and abuse of the OAuth2 authorization code flow to gain unauthorized access to user accounts, according to a recent report by Bleeping Computer.

ConsentFix v3 targets Microsoft Azure environments by first identifying valid tenant IDs and gathering employee details for impersonation. Attackers then create multiple accounts across various services to facilitate phishing, data gathering, and exfiltration. A key component is the use of Pipedream, a serverless integration platform, which acts as a webhook endpoint to receive authorization codes, an automation engine to exchange codes for refresh tokens, and a collector for captured tokens.

The attack involves a phishing page hosted on Cloudflare Pages that mimics a legitimate Microsoft/Azure interface, redirecting victims to a localhost URL containing an OAuth authorization code. This code is then pasted or dragged back into the phishing page, enabling the exfiltration of tokens. These tokens are subsequently used to access compromised Microsoft environments, including email and files.

While the full impact is still being assessed, mitigation strategies include applying token binding, setting up behavioral detection rules, and restricting app authentication. It remains unclear if the v3 variant has seen widespread adoption by cybercriminals.
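One way to express a behavioral detection rule for the flow described above, as an added example that is not from the article or the report it cites: flag sign-ins that end on a loopback redirect when the resulting code is redeemed from a different IP address. The event schema, field names, 10-minute window and sample records are constructed assumptions, as is the premise that the automated exchange runs from an address other than the victim's.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample events in a simplified, hypothetical schema (not a real log export).
EVENTS = [
    {"time": "2026-05-04T09:00:05", "user": "alice@example.com", "kind": "interactive",
     "ip": "198.51.100.10", "redirect_uri": "http://localhost:8400/"},
    {"time": "2026-05-04T09:01:40", "user": "alice@example.com", "kind": "redemption",
     "ip": "203.0.113.77", "redirect_uri": "http://localhost:8400/"},
    {"time": "2026-05-04T09:05:00", "user": "bob@example.com", "kind": "interactive",
     "ip": "198.51.100.20", "redirect_uri": "http://localhost:8400/"},
    {"time": "2026-05-04T09:05:02", "user": "bob@example.com", "kind": "redemption",
     "ip": "198.51.100.20", "redirect_uri": "http://localhost:8400/"},
    {"time": "2026-05-04T09:30:00", "user": "carol@example.com", "kind": "interactive",
     "ip": "198.51.100.30", "redirect_uri": "https://portal.example.com/cb"},
    {"time": "2026-05-04T09:30:03", "user": "carol@example.com", "kind": "redemption",
     "ip": "192.0.2.5", "redirect_uri": "https://portal.example.com/cb"},
]

def is_loopback(uri):
    """True when the redirect URI points at the local machine."""
    return urlsplit(uri).hostname in LOOPBACK_HOSTS

def find_suspicious_redemptions(events, window=WINDOW):
    """Return (user, signin_ip, redemption_ip) for loopback-redirect sign-ins whose
    code was redeemed from a different IP within the window."""
    rows = sorted(events, key=lambda e: e["time"])
    alerts = []
    for signin in rows:
        if signin["kind"] != "interactive" or not is_loopback(signin["redirect_uri"]):
            continue
        start = datetime.fromisoformat(signin["time"])
        for ev in rows:
            if ev["kind"] != "redemption" or ev["user"] != signin["user"]:
                continue
            delta = datetime.fromisoformat(ev["time"]) - start
            # A loopback redirect means the same device should redeem the code.
            if timedelta(0) <= delta <= window and ev["ip"] != signin["ip"]:
                alerts.append((signin["user"], signin["ip"], ev["ip"]))
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_redemptions(EVENTS):
        print("ALERT loopback code redeemed from a different IP:", alert)
```

Only the first user is flagged: the second redeems from the same address as the sign-in, and the third uses a non-loopback redirect where server-side redemption from another address is expected.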
Source: Bleeping Computer