ConsentFix attack hijacks Microsoft accounts via Azure CLI without passwords or MFA. It tricks users into submitting OAuth codes through a fake CAPTCHA on compromised sites, giving attackers full access to accounts using Azure authentication. Monitoring for unusual Azure CLI activity is recommended to detect this threat.
New ConsentFix Attack Hijacks Microsoft Accounts Via Azure CLI

