Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
Bleeping Computer

Microsoft fixes Azure AD auth flaw enabling account takeover

Microsoft has addressed an Azure Active Directory (Azure AD) authentication flaw that could allow threat actors to escalate privileges and potentially fully take over the target's account. This ...
GovInfoSecurity

A Token Flaw Turned Azure's AI Agent Into a Spy

A misconfiguration in Microsoft's Azure SRE Agent may have allowed any Azure account holder from any company to tap into ...
Threat Post

Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks

An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks. Microsoft has suspended 18 Azure Active ...
Dark Reading

Microsoft Fixes Flaw Threatening Azure Accounts

Researchers from CyberArk today outlined a vulnerability they discovered this fall in some Microsoft OAuth 2.0 applications that could allow an attacker to hijack Azure accounts. Microsoft fixed the ...
Bleeping Computer

Microsoft shares guidance on securing Azure Cosmos DB accounts

Microsoft issued guidance on securing Azure accounts that may be impacted by a recently addressed Cosmos DB critical vulnerability, giving attackers full admin rights to users' data without ...