Dark Reading

Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues

A critical Microsoft authentication vulnerability could have allowed a threat actor to compromise virtually every Entra ID tenant in the world. The elevation of privilege (EoP) vulnerability, tracked ...
Bleeping Computer

New ConsentFix attack hijacks Microsoft accounts via Azure CLI

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) ...
Redmond Magazine

Microsoft Rolls Out Metadata Security Protocol (MSP) to Enhance Security for Azure VMs

Microsoft has introduced the Metadata Security Protocol (MSP) for Azure virtual machines. MSP elevates access control for the Azure Instance Metadata Service (IMDS) and WireServer endpoints—long-used ...