Cyber Security Published on July 2, 2026
ConsentFix/ClickFix hijacks Microsoft 365 accounts in seconds
Huntress has detailed a new attack vector called ConsentFix, a ClickFix-style social engineering technique that targets Microsoft 365 users through OAuth consent flows.
The attack tricks users into dragging a localhost callback link into their browser, which captures the session token returned by Microsoft's authentication server. Because the compromise occurs through a legitimate OAuth flow, it can bypass multi-factor authentication and conditional access policies.
Once the attacker has the session token, they can access the victim's Microsoft 365 account and data within seconds. Security awareness training and OAuth consent-review policies are critical defenses against this technique.
Source: Huntress / BleepingComputer