Microsoft Entra ID flaw allowed hijacking any company's tenant

A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every ...
The Hacker News

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

July 17, 2025; CVSS 10.0 Entra ID bug via legacy Graph enabled cross-tenant impersonation risking tenant compromise.

Microsoft’s Entra ID vulnerabilities could have been catastrophic

Known as Entra ID, the system stores each Azure cloud customer’s user identities, sign-in access controls, applications, and ...
The Register on MSN

One token to pwn them all: Entra ID bug could have granted access to every tenant

Until Microsoft lobbed it into a virtual volcano A security researcher claims to have found a flaw that could have handed him ...
CSOonline

Beware of overly permissive Azure AD cross-tenant synchronization policies

A new proof of concept shows that attackers can use Azure AD CTS to leap to Microsoft and non-Microsoft application across tenants. Lateral movement techniques have been a critical component of ...
Bleeping Computer

Latest Azure AD news

Microsoft has fixed an issue that caused Entra ID DNS authentication failures when using the company's Seamless SSO and Microsoft Entra Connect Sync. ClickFix, FileFix, fake CAPTCHA — whatever you ...
ZDNet

Microsoft is rolling out these security settings to protect millions of accounts. Here's what's changing

To thwart password and phishing attacks, Microsoft is rolling out security defaults to a massive number of Azure Active Directory (AD) users. Microsoft began rolling out security defaults to customers ...