Suspected Russian threat actors are deploying OAuth-based phishing attacks to hijack Microsoft 365 accounts by tricking users into providing authorization codes, allowing them to access and manipulate account data, as reported by Volexity researchers.