SecurityWeek

All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher

Microsoft patches CVE-2025-55241, an Azure Entra elevation of privilege vulnerability that could have been exploited to ...
The Hacker News

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

July 17, 2025; CVSS 10.0 Entra ID bug via legacy Graph enabled cross-tenant impersonation risking tenant compromise.
Hosted on MSN

One token to pwn them all: Entra ID bug could have granted access to every tenant

The first, according to Mollema, is undocumented impersonation tokens called "Actor tokens" that Microsoft uses for service-to-service communication. There was a flaw in the legacy Azure Active ...
CSOonline

How API authentication vulnerabilities are at the center of cloud security concerns

Microsoft’s cloud services have come under scrutiny in recent months, with APIs at the heart of the matter. Here are some strategies to help mitigate security issues that can arise when using APIs.