Critical Alert 1 Active Exploit Detected Today

CVE-2026-20253 — Splunk Enterprise Missing Authentication for Critical Function Vulnerability →

Powered by CVE Watchtower

×

Microsoft Entra ID

The Invisible Backdoor: AI Exposes Malicious OAuth Apps Hiding in Microsoft Entra ID Malicious OAuth Apps Entra ID Homoglyph Attack

Malicious OAuth Apps Entra ID Homoglyph Attack

The Invisible Backdoor: AI Exposes Malicious OAuth Apps Hiding in Microsoft Entra ID

Do Son February 23, 2026

The integration of third-party applications into corporate environments has become the lifeblood of modern productivity, but it...

The “Fix” is a Trap: ConsentFix Phishing Bypasses MFA via Azure CLI ConsentFix Phishing OAuth Token Theft

ConsentFix Phishing OAuth Token Theft

The “Fix” is a Trap: ConsentFix Phishing Bypasses MFA via Azure CLI

Do Son February 2, 2026

A cunning new phishing technique is turning the trust of Microsoft’s own tools against its users. Dubbed...

CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide Microsoft Entra ID vulnerability CVE-2025-55241

Microsoft Entra ID vulnerability CVE-2025-55241

CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide

Do Son September 22, 2025

In one of the most significant discoveries of 2025, security researcher Dirk-jan Mollema revealed a vulnerability in...

TeamFiltration Weaponized: UNK_SneakyStrike Campaign Targets 80,000+ Microsoft Entra ID Accounts entra

entra

TeamFiltration Weaponized: UNK_SneakyStrike Campaign Targets 80,000+ Microsoft Entra ID Accounts

Do Son June 13, 2025

According to a new report by Proofpoint, attackers are now actively exploiting the TeamFiltration penetration testing framework...

Detecting Lateral Movement Risks in Microsoft Entra ID’s Cross-Tenant Synchronization Feature Detect Lateral Movement

Detect Lateral Movement

Detecting Lateral Movement Risks in Microsoft Entra ID’s Cross-Tenant Synchronization Feature

Do Son October 30, 2024

In a recent blog post, Lina Lau, founder and hacker at @xintraorg, shed light on the potential...

Stealthy Persistence: Microsoft Entra ID’s Administrative Units Weaponized Microsoft Entra ID - Sticky Backdoor

Microsoft Entra ID - Sticky Backdoor

Stealthy Persistence: Microsoft Entra ID’s Administrative Units Weaponized

Do Son September 19, 2024

In recent research, Datadog Security Labs has shed light on a potential security risk within Microsoft Entra...