Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. [...]
Microsoft: Hackers abuse OAuth error flows to spread malware
Summary + source link. No paywalls, no tracking.