#microsoft-entra-id

[ follow ]
fromThe Hacker News
4 days ago

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked as CVE-2025-55241, has been assigned the maximum CVSS score of 10.0. It has been described by Microsoft as a privilege escalation flaw in Azure Entra. There is no indication that the issue was exploited in the wild. It has been addressed by the Windows maker as of July 17, 2025, requiring no customer action.
Information security
fromTechzine Global
6 days ago

Dutch hacker: all Microsoft Entra ID tenants at risk

Dutch security researcher Dirk-jan Mollema discovered a critical vulnerability in Microsoft Entra ID that allowed full access to every tenant in the world. Microsoft fixed the problem within days of being notified. The flaw consisted of undocumented impersonation tokens and a validation error in the old Azure AD Graph API. With this vulnerability, a successful attack would remain completely invisible. This is because there was no logging for requesting Actor tokens. Even if there had been, it would only appear in the attacker's tenant, not in the victim's.
Information security
fromWIRED
1 week ago

This Microsoft Entra ID Vulnerability Could Have Caused a Digital Catastrophe

Mollema has studied Entra ID security in depth and published multiple studies about weaknesses in the system, which was formerly known as Azure Active Directory. But while preparing to present at the Black Hat security conference in Las Vegas in July, Mollema discovered two vulnerabilities that he realized could be used to gain global administrator privileges-essentially god mode-and compromise every Entra ID directory, or what is known as a "tenant."
Information security
Artificial intelligence
fromwww.infoworld.com
1 month ago

Securing AI workloads in Azure: A zero-trust architecture for MLOps

Zero-trust MLOps architecture uses Microsoft Entra ID, Azure Key Vault, Private Link and metadata-driven controls to authenticate, enforce least privilege, encrypt, isolate, and audit.
#cybersecurity
[ Load more ]