Cybercriminals are using malicious Microsoft OAuth apps, which appear to be Adobe and DocuSign apps, to deliver malware and steal Microsoft 365 accounts credentials. The highly targeted campaigns use compromised email accounts to send phishing emails to businesses in the US and Europe. If permissions are granted, the attackers gain access to limited personal information and can redirect users to phishing forms or distribute malware.

‘Systemic gaps’ found private equity-backed healthcare companies’ cybersecurity preparedness
Private equity-backed healthcare companies have “systemic gaps” in their cybersecurity preparedness, according to a report from Clearwater Security. The findings revealed many such firms lack