Microsoft Entra ID
-
Microsoft fixes Entra ID role flaw that could let users take over service principals
Microsoft fixed an Entra ID role flaw that could let users with the Agent ID Administrator role take over non-agent service principals, add credentials and potentially escalate privileges, according to a Silverfort technical analysis.
-
Attackers use device code vishing to take over Microsoft Entra accounts
Threat actors used device code phishing and vishing to abuse the OAuth 2.0 device flow and compromise Microsoft Entra accounts. The attacks use legitimate OAuth client IDs to obtain refresh tokens and access connected SSO applications.
-
Entra ID to auto-enable passkey profiles and add synced passkeys from March 2026
Starting March 2026 Entra ID will automatically enable passkey profiles and add support for synced passkeys. A Microsoft message center announcement outlines staged rollout with opt-in and automatic migration and a new passkeyType profile setting.
-
Microsoft to block unauthorized scripts on Entra ID sign-ins with CSP update
Microsoft will change the Content Security Policy for browser-based Entra ID sign-ins at login.microsoftonline.com to block unauthorized scripts and allow only trusted Microsoft domains, with a global rollout beginning mid-to-late October 2026; organisations are asked to test sign-in flows and avoid tools that inject code.
-
Researchers warn ‘CoPhish’ uses Microsoft Copilot Studio agents to harvest OAuth tokens
Datadog Security Labs disclosed “CoPhish,” a phishing method that uses Microsoft Copilot Studio agents and legitimate Microsoft-hosted demo pages to deliver fraudulent OAuth consent flows and harvest session tokens; Microsoft says it will address the issue in a future update and both vendors recommend tightening admin privileges and consent policies.
-
Researchers warn ‘Jingle Thief’ group exploits cloud access to commit gift card fraud
Palo Alto Networks Unit 42 says a group called Jingle Thief is targeting cloud environments used by retailers to steal credentials, issue unauthorized gift cards and resell them on gray markets, using phishing, long‑term access and identity misuse to evade detection.
-
Microsoft patches critical Entra ID flaw CVE-2025-55241 with 10.0 severity, enabling cross-tenant impersonation
Microsoft has patched a critical Entra ID vulnerability, CVE-2025-55241, with a maximum CVSS score of 10.0 that could allow cross-tenant impersonation of users, including Global Administrators. The fix, disclosed by researchers and implemented on July 17, 2025, requires no action by customers, though experts warn the flaw highlights broader cloud-security risks and the need to…
-
China-linked Murky Panda exploits cloud trust to move laterally, CrowdStrike finds
A CrowdStrike 2025 Threat Hunting Report finds a 136% increase in cloud intrusions, driven by Murky Panda’s use of zero-day exploits and, more notably, their manipulation of trusted cloud relationships to move from SaaS providers into downstream customer environments, with links to a February 2025 breach of Commvault’s Microsoft Azure cloud environment highlighted as a…
-
New Cybersecurity Threat Targets Over 80,000 Microsoft Entra ID Accounts
A new cybersecurity threat has surfaced, with over 80,000 Microsoft Entra ID accounts compromised by an account takeover campaign known as UNK_SneakyStrike, utilizing the TeamFiltration tool for malicious activities.
