#entra-id
#entra-id
[ follow ]
#windows-backup #content-security-policy #microsoft #cybersecurity #oobe #windows-365 #device-management #mfa
fromTechzine Global
3 weeks agoMicrosoft requires MFA for Microsoft 365 admin center
Starting February 9, 2026, Microsoft will enforce multi-factor authentication (MFA) for all users who want to access the Microsoft 365 admin center. Administrators without MFA will face login blocks starting next month. The measure is part of Microsoft's strategy against credential-based attacks, which remain a significant attack vector. The company began a soft rollout in February last year, but starting next month, the requirement will be fully enforced for all tenants.
Information security
fromTechzine Global
3 months agoHow attackers use Microsoft agents to steal OAuth tokens
Among their discoveries can be OAuth tokens, which these digital assistants then pass on to malicious parties. Datadog uncovered how agents use Microsoft Copilot Studio to assist in phishing campaigns. Copilot Studio enables a pervasive form of automation. To increase their usability, users can share the workflows of these agents, which are called "topics." The Login topic can be configured in such a way that users are misled.
Information security
Information security
fromIT Pro
4 months agoA terrifying Microsoft flaw could've allowed hackers to compromise 'every Entra ID tenant in the world'
A critical Entra ID vulnerability (CVE-2025-55241) could have allowed cross-tenant full administrative compromise via undocumented 'Actor' tokens and Azure AD Graph API validation flaws.
Information security
fromWIRED
4 months agoSecurity News This Week: A Dangerous Worm Is Eating Its Way Through Software Packages
Multiple serious security failures and threats emerged this week, including government data exposure, critical identity-management flaws, hypersonic missile tests, and advanced SMS-scamming techniques.
[ Load more ]