Miscreants using malicious OAuth applications abused Microsoft’s “verified publisher” status to gain access to organizations’ cloud environments, then steal data and pry into to users’ mailboxes, calendars, and meetings.
Read full article on The Register