A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. The fatal mix included undocumented tokens called “actor ...

As businesses around the world have shifted their digital infrastructure over the last decade from self-hosted servers to the cloud, they’ve benefitted from the standardized, built-in security ...

A critical Microsoft authentication vulnerability could have allowed a threat actor to compromise virtually every Entra ID tenant in the world. The elevation of privilege (EoP) vulnerability, tracked ...

Due to a vulnerability in Entra ID, attackers could have gained access to any tenants as administrators. The security issue has been resolved for some time. Microsoft's identity and access management ...

Facepalm: Microsoft Entra ID, formerly known as Azure Active Directory, is a cloud-based identity and access management solution. The directory-based system provides authentication for nearly all ...

Actor tokens allowed cross-tenant impersonation without logging or security checks CVE-2025-55241 enabled Global Admin access via deprecated Azure AD Graph API Microsoft patched the flaw in September ...

A Dutch security researcher has published an indepth analysis of a critical vulnerability that could have allowed attackers to compromise every Microsoft Entra ID tenant worldwide through a ...

Though patched, the flaw underscores systemic risks in cloud identity systems where legacy APIs and invisible delegation mechanisms can be exploited without detection, prompting calls for stronger ...

A security researcher claims to have found a flaw that could have handed him the keys to almost every Entra ID tenant worldwide.… Dirk-jan Mollema reported the finding to the Microsoft Security ...