Security researchers have uncovered a new phishing campaign capable of bypassing multi-factor authentication (MFA) in Office 365 to access user data stored in the cloud.

The discovery was made by the Cofense Phishing Defense Center and the new phishing technique, which leverages the Oauth2 framework and the OpenID Connect (OIDC) protocol, uses a malicious SharePoint link in order to trick users into granting permissions to a rogue application.

Source Article