SecurityWeek

All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher

Microsoft patches CVE-2025-55241, an Azure Entra elevation of privilege vulnerability that could have been exploited to ...
The Hacker News

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

July 17, 2025; CVSS 10.0 Entra ID bug via legacy Graph enabled cross-tenant impersonation risking tenant compromise.
CSO Online

Entra ID vulnerability exposes gaps in cloud identity trust models, experts warn

Though patched, the flaw underscores systemic risks in cloud identity systems where legacy APIs and invisible delegation ...

Microsoft Entra ID flaw allowed hijacking any company's tenant

A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every ...
InfoWorld

Manage your tasks with the Microsoft To Do API

A desktop task manager built on top of the Microsoft Graph lets you share tasks with groups and seamlessly link tasks to applications. One of the challenges of the modern enterprise is task management ...

One token to pwn them all: Entra ID bug could have granted access to every tenant

A security researcher claims to have found a flaw that could have handed him the keys to almost every Entra ID tenant ...