Microsoft Vulnerability Rollup Patches ConsentFix v3: OAuth Phishing That Bypasses MFA in Entra ID
A new wave of consent-based phishing has been quietly eroding the security assumptions of modern cloud identity. On May 2, 2026, Microsoft released a vulnerability rollup aimed at disrupting “ConsentFix v3,” an automated OAuth consent-grant campaign designed to sidestep multifactor authentication (MFA) and burrow into Microsoft 365 tenants via illicit app permissions. The campaign’s hallmark:…