Bleeping Computer

Microsoft Entra ID flaw allowed hijacking any company's tenant

A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. The fatal mix included undocumented tokens called “actor ...
Hosted on MSN

One token to pwn them all: Entra ID bug could have granted access to every tenant

A security researcher claims to have found a flaw that could have handed him the keys to almost every Entra ID tenant worldwide.… Dirk-jan Mollema reported the finding to the Microsoft Security ...
Dark Reading

Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues

A critical Microsoft authentication vulnerability could have allowed a threat actor to compromise virtually every Entra ID tenant in the world. The elevation of privilege (EoP) vulnerability, tracked ...
IT News For Australia Business

Actor auth tokens gave Global Admin access across Azure Entra ID tenants

A Dutch security researcher has published an indepth analysis of a critical vulnerability that could have allowed attackers to compromise every Microsoft Entra ID tenant worldwide through a ...
heise online

Entra ID vulnerability: Attackers could have taken over all tenants globally

Due to a vulnerability in Entra ID, attackers could have gained access to any tenants as administrators. The security issue has been resolved for some time. Microsoft's identity and access management ...
Redmond Magazine

Widespread Entra ID Account Takeover Campaign Detected Using Open Source Tool

Security researchers at Calif.-based Proofpoint have uncovered a large-scale account takeover campaign aimed at Microsoft Entra ID environments. The attackers are using TeamFiltration, an open source ...
CSOonline

Microsoft Entra’s billing roles pose privilege escalation risks in Azure

Guest users with certain billing roles can create and own subscriptions, potentially gaining persistence and privilege escalation within an organization’s Azure environment. Threat actors can abuse ...