{"id":21160,"date":"2026-07-14T11:21:35","date_gmt":"2026-07-14T11:21:35","guid":{"rendered":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/"},"modified":"2026-07-14T11:21:35","modified_gmt":"2026-07-14T11:21:35","slug":"oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news","status":"publish","type":"post","link":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/","title":{"rendered":"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News)"},"content":{"rendered":"<p>At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry.<\/p>\n<p>The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad actors have begun<a href=\"https:\/\/thehackernews.com\/2026\/07\/oauth-client-id-spoofing-lets-attackers.html\" target=\"_blank\" class=\"feedzy-rss-link-icon\">Read More<\/a>\u00a0<\/p>","protected":false},"excerpt":{"rendered":"<p>At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":21161,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-21160","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"admin\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Sekuritas IT \u203a Creative solutions to unique challenges.\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News) \u203a Sekuritas IT\" \/>\n\t\t<meta property=\"og:description\" content=\"At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2026-07-14T11:21:35+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2026-07-14T11:21:35+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/profile.php?id=100086973577423\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News) \u203a Sekuritas IT\" \/>\n\t\t<meta name=\"twitter:description\" content=\"At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2026\\\/07\\\/14\\\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\\\/#blogposting\",\"name\":\"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News) \\u203a Sekuritas IT\",\"headline\":\"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News)\",\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/admin\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/OAuth-ClientID-7iPvdv.jpg\",\"width\":900,\"height\":470},\"datePublished\":\"2026-07-14T11:21:35+00:00\",\"dateModified\":\"2026-07-14T11:21:35+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2026\\\/07\\\/14\\\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2026\\\/07\\\/14\\\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\\\/#webpage\"},\"articleSection\":\"Uncategorized\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2026\\\/07\\\/14\\\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sekuritasit.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"position\":2,\"name\":\"Uncategorized\",\"item\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2026\\\/07\\\/14\\\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\\\/#listItem\",\"name\":\"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News)\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2026\\\/07\\\/14\\\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\\\/#listItem\",\"position\":3,\"name\":\"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News)\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\",\"name\":\"Sekuritas IT\",\"description\":\"Creative solutions to unique challenges.\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/profile.php?id=100086973577423\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/admin\\\/#author\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/admin\\\/\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2026\\\/07\\\/14\\\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d7e1b280a86a35aded993a38df224bb7b360b70bfbabceccbea7c0ef0ab5e175?s=96&d=retro&r=g\",\"width\":96,\"height\":96,\"caption\":\"admin\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2026\\\/07\\\/14\\\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\\\/#webpage\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2026\\\/07\\\/14\\\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\\\/\",\"name\":\"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News) \\u203a Sekuritas IT\",\"description\":\"At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2026\\\/07\\\/14\\\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/admin\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/admin\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/OAuth-ClientID-7iPvdv.jpg\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2026\\\/07\\\/14\\\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\\\/#mainImage\",\"width\":900,\"height\":470},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2026\\\/07\\\/14\\\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\\\/#mainImage\"},\"datePublished\":\"2026-07-14T11:21:35+00:00\",\"dateModified\":\"2026-07-14T11:21:35+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"name\":\"Sekuritas IT\",\"alternateName\":\"Sekuritas\",\"description\":\"Creative solutions to unique challenges.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News) \u203a Sekuritas IT","description":"At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad","canonical_url":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/#blogposting","name":"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News) \u203a Sekuritas IT","headline":"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News)","author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/admin\/#author"},"publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/sekuritasit.com\/wp-content\/uploads\/2026\/07\/OAuth-ClientID-7iPvdv.jpg","width":900,"height":470},"datePublished":"2026-07-14T11:21:35+00:00","dateModified":"2026-07-14T11:21:35+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/#webpage"},"isPartOf":{"@id":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/#webpage"},"articleSection":"Uncategorized"},{"@type":"BreadcrumbList","@id":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","position":1,"name":"Home","item":"https:\/\/sekuritasit.com","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","position":2,"name":"Uncategorized","item":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/#listItem","name":"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News)"},"previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/#listItem","position":3,"name":"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News)","previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}}]},{"@type":"Organization","@id":"https:\/\/sekuritasit.com\/#organization","name":"Sekuritas IT","description":"Creative solutions to unique challenges.","url":"https:\/\/sekuritasit.com\/","sameAs":["https:\/\/www.facebook.com\/profile.php?id=100086973577423"]},{"@type":"Person","@id":"https:\/\/sekuritasit.com\/index.php\/author\/admin\/#author","url":"https:\/\/sekuritasit.com\/index.php\/author\/admin\/","name":"admin","image":{"@type":"ImageObject","@id":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/d7e1b280a86a35aded993a38df224bb7b360b70bfbabceccbea7c0ef0ab5e175?s=96&d=retro&r=g","width":96,"height":96,"caption":"admin"}},{"@type":"WebPage","@id":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/#webpage","url":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/","name":"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News) \u203a Sekuritas IT","description":"At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/sekuritasit.com\/#website"},"breadcrumb":{"@id":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/#breadcrumblist"},"author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/admin\/#author"},"creator":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/admin\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/sekuritasit.com\/wp-content\/uploads\/2026\/07\/OAuth-ClientID-7iPvdv.jpg","@id":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/#mainImage","width":900,"height":470},"primaryImageOfPage":{"@id":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/#mainImage"},"datePublished":"2026-07-14T11:21:35+00:00","dateModified":"2026-07-14T11:21:35+00:00"},{"@type":"WebSite","@id":"https:\/\/sekuritasit.com\/#website","url":"https:\/\/sekuritasit.com\/","name":"Sekuritas IT","alternateName":"Sekuritas","description":"Creative solutions to unique challenges.","inLanguage":"en-US","publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"}}]},"og:locale":"en_US","og:site_name":"Sekuritas IT \u203a Creative solutions to unique challenges.","og:type":"article","og:title":"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News) \u203a Sekuritas IT","og:description":"At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad","og:url":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/","article:published_time":"2026-07-14T11:21:35+00:00","article:modified_time":"2026-07-14T11:21:35+00:00","article:publisher":"https:\/\/www.facebook.com\/profile.php?id=100086973577423","twitter:card":"summary_large_image","twitter:title":"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News) \u203a Sekuritas IT","twitter:description":"At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad"},"aioseo_meta_data":[],"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/\" title=\"Uncategorized\">Uncategorized<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tOAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News)\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/sekuritasit.com"},{"label":"Uncategorized","link":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/"},{"label":"OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials info@thehackernews.com (The Hacker News)","link":"https:\/\/sekuritasit.com\/index.php\/2026\/07\/14\/oauth-client-id-spoofing-lets-attackers-validate-stolen-microsoft-entra-credentials-infothehackernews-com-the-hacker-news\/"}],"_links":{"self":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/21160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/comments?post=21160"}],"version-history":[{"count":0,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/21160\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/media\/21161"}],"wp:attachment":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/media?parent=21160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/categories?post=21160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/tags?post=21160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}