Bleeping Computer

Latest Azure AD news

A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. Microsoft has fixed an issue that caused Entra ID DNS ...
CSOonline

Beware of overly permissive Azure AD cross-tenant synchronization policies

A new proof of concept shows that attackers can use Azure AD CTS to leap to Microsoft and non-Microsoft application across tenants. Lateral movement techniques have been a critical component of ...
IT News For Australia Business

Actor auth tokens gave Global Admin access across Azure Entra ID tenants

A Dutch security researcher has published an indepth analysis of a critical vulnerability that could have allowed attackers to compromise every Microsoft Entra ID tenant worldwide through a ...
Bleeping Computer

Grafana warns of critical auth bypass due to Azure AD integration

Grafana has released security fixes for multiple versions of its application, addressing a vulnerability that enables attackers to bypass authentication and take over any Grafana account that uses ...