Attackers are exploiting OAuth's built-in error redirect mechanism to route victims from legitimate Microsoft or Google login URLs to phishing sites or malware downloads — without needing to steal tokens. The attack uses silent OAuth flows with intentionally invalid parameters (e.g., prompt=none, invalid scope), causing the