Microsoft Exchange servers hacked via OAuth apps for phishing

Microsoft Security
Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails. […]