News

The Register on MSN

One token to pwn them all: Entra ID bug could have granted access to every tenant

Until Microsoft lobbed it into a virtual volcano A security researcher claims to have found a flaw that could have handed him ...
Techzine Europe

Dutch hacker: all Microsoft Entra ID tenants at risk

Dutch security researcher Dirk-jan Mollema discovered a critical vulnerability in Microsoft Entra ID that allowed full access ...
CSO Online

Entra ID vulnerability exposes gaps in cloud identity trust models, experts warn

Though patched, the flaw underscores systemic risks in cloud identity systems where legacy APIs and invisible delegation ...

Actor auth tokens gave Global Admin access across Azure Entra ID tenants

A Dutch security researcher has published an indepth analysis of a critical vulnerability that could have allowed attackers ...

Max severity Argo CD API flaw leaks repository credentials

An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve ...
Bleeping Computer

Twitter is warning devs that API keys and tokens may have leaked

Twitter is emailing developers stating that their API keys, access tokens, and access token secrets may have been exposed in a browser's cache. In an email seen by BleepingComputer, Twitter explains ...
ZDNet

Heroku to begin user password reset almost a month after GitHub OAuth token theft

Heroku has alerted a "subset" of its users that it is going to reset their passwords on May 4 unless they change passwords beforehand. In resetting the password, the company is warning that existing ...
Torque News

My Tesla Model Y Was Remotely Unlocked By Thieves Who Compromised My Tessie API Token, Then They Arrived Three Minutes Later To Ransack The Vehicle

Thieves just hacked a Tesla Model Y by compromising a third-party app’s API token, remotely unlocking the car in the middle ...