Analysing "ConsentFix", a new browser-native attack technique we've detected in the wild, combining OAuth consent phishing with a ClickFix-style user prompt.