Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
Attackers behind a password-spraying campaign targeting Microsoft Office 365 accounts have amassed dozens of victims by abusing a deprecated feature in OAuth 2.0 to ...
Organizations that have implemented the "Log in with Microsoft" feature in their Microsoft Azure Active Directory environments could potentially be vulnerable to an authentication bypass that opens ...
Hackers launched 81 million login attempts against Microsoft 365, exploiting Azure CLI and MFA configuration gaps to ...
What happened A massive password spray campaign is targeting Microsoft 365 environments through Azure CLI authentication. Huntress warned that threat actors made more than 81 million login attempts ...
Microsoft has addressed an Azure Active Directory (Azure AD) authentication flaw that could allow threat actors to escalate privileges and potentially fully take over the target's account. This ...
The attack abused misconfigured conditional access policies to bypass multi-factor authentication protections.
Microsoft has warned that fraudulent Microsoft Partner Network (MPN) accounts were used in a phishing campaign that featured bogus apps that tricked victims into granting them permissions to access ...
Threat actors have made over 81 million login attempts in a massive password spray campaign targeting Azure CLI.