SecurityWeek

All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher

Microsoft patches CVE-2025-55241, an Azure Entra elevation of privilege vulnerability that could have been exploited to compromise tenants.
Hosted on MSN

One token to pwn them all: Entra ID bug could have granted access to every tenant

The first, according to Mollema, is undocumented impersonation tokens called "Actor tokens" that Microsoft uses for service-to-service communication. There was a flaw in the legacy Azure Active ...
CSOonline

How API authentication vulnerabilities are at the center of cloud security concerns

Microsoft’s cloud services have come under scrutiny in recent months, with APIs at the heart of the matter. Here are some strategies to help mitigate security issues that can arise when using APIs.
InfoWorld

Build an authentication handler for a minimal API in ASP.NET Core

ASP.NET Core offers a simplified hosting model, called minimal APIs, that allows us to build lightweight APIs with minimal dependencies. However, “minimal” doesn’t mean minimal security. Minimal APIs ...
ZDNet

W3C finalizes Web Authentication (WebAuthn) standard

Today, the World Wide Web Consortium (W3C), the organization behind all web standards, has formally promoted the Web Authentication API to the title of official web standard. This promotion means the ...
TWCN Tech News

Event ID 1098: Error 0xCAA5001C, Token broker operation failed in Windows 11/10

HKEY_USERS\S-1-5-21-299502267-1950408961-849522115-1818\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion \AppModel\SystemAppData\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\PSR ...