#entra-id

[ follow ]
#cybersecurity #microsoft-copilot-studio #oauth-token-theft #cophish-attack #phishing #cve-2025-55241
fromTechzine Global
6 days ago

How attackers use Microsoft agents to steal OAuth tokens

Among their discoveries can be OAuth tokens, which these digital assistants then pass on to malicious parties. Datadog uncovered how agents use Microsoft Copilot Studio to assist in phishing campaigns. Copilot Studio enables a pervasive form of automation. To increase their usability, users can share the workflows of these agents, which are called "topics." The Login topic can be configured in such a way that users are misled.
Information security
Information security
fromIT Pro
1 month ago

A terrifying Microsoft flaw could've allowed hackers to compromise 'every Entra ID tenant in the world'

A critical Entra ID vulnerability (CVE-2025-55241) could have allowed cross-tenant full administrative compromise via undocumented 'Actor' tokens and Azure AD Graph API validation flaws.
Information security
fromWIRED
1 month ago

Security News This Week: A Dangerous Worm Is Eating Its Way Through Software Packages

Multiple serious security failures and threats emerged this week, including government data exposure, critical identity-management flaws, hypersonic missile tests, and advanced SMS-scamming techniques.
fromTheregister
1 month ago

Entra ID bug could have granted access to every tenant

"If you are an Entra ID admin," wrote Mollema, "that means complete access to your tenant."
Information security
Information security
fromComputerworld
2 months ago

Microsoft releases Windows Backup for Organizations to ease migration of user settings to Windows 11

Windows Backup for Organizations restores settings only on Windows 11 version 22H2 or later; Windows 10 cannot restore settings despite being backed up.
Tech industry
fromThe Hacker News
6 months ago

Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach

Microsoft has migrated its account signing services to Azure confidential VMs for enhanced security.
[ Load more ]