Topic: microsoft entra
-
Microsoft Entra Accounts Targeted in Vishing Attacks
A new wave of attacks combines device code phishing with voice phishing (vishing) to compromise Microsoft Entra accounts, exploiting the legitimate OAuth 2.0 device authorization flow to steal authentication tokens without traditional password theft. The **ShinyHunters** extortion group is believ...
Read More » -
ShinyHunters Breach Okta, Microsoft SSO in Major Data Theft
The ShinyHunters gang is conducting a sophisticated voice phishing campaign, using social engineering to steal credentials and MFA codes by impersonating IT support and using real-time, interactive phishing kits. Attackers exploit compromised SSO accounts (e.g., Okta, Microsoft Entra, Google) to ...
Read More » -
Microsoft's New AI Security Agents Outsmart Hackers
Microsoft has launched advanced AI security agents that proactively identify and neutralize cyber threats, available at no extra cost for Security Copilot users on Microsoft 365 E5 plans. These AI agents are integrated into platforms like Defender, Entra, and Intune to shift security from reactiv...
Read More » -
Microsoft Entra ID Flaw Let Attackers Hijack Company Tenants
A critical vulnerability (CVE-2025-55241) in Microsoft's Entra ID could have allowed attackers to gain full control over an organization's tenant by exploiting unsigned "actor tokens" and a weakness in the Azure AD Graph API. The flaw enabled attackers to impersonate any user, escalate privileges...
Read More »