Wired

This Microsoft Entra ID Vulnerability Could Have Been Catastrophic

As businesses around the world have shifted their digital infrastructure over the last decade from self-hosted servers to the cloud, they’ve benefitted from the standardized, built-in security ...
Bleeping Computer

Microsoft Entra ID flaw allowed hijacking any company's tenant

A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. The fatal mix included undocumented tokens called “actor ...
TechRadar

This serious Microsoft Entra flaw could have let hackers infiltrate any user, so patch now

Actor tokens allowed cross-tenant impersonation without logging or security checks CVE-2025-55241 enabled Global Admin access via deprecated Azure AD Graph API Microsoft patched the flaw in September ...