New CoPhish attack steals OAuth tokens via Copilot Studio agents
From BleepingComputer to All on Sat Oct 25 13:09:10 2025
A new phishing technique dubbed 'CoPhish' weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. [...]