Account getting locked out frequently in Active Directory

Active Directory account lockouts happen when too many failed login attempts trigger security limits. Configure the Account ...

How weak passwords and other failings led to catastrophic breach of Ascension

“Fundamentally, the issue that leads to Kerberoasting is bad passwords,” Tim Medin, the researcher who coined the term ...
The Hacker News

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

July 17, 2025; CVSS 10.0 Entra ID bug via legacy Graph enabled cross-tenant impersonation risking tenant compromise.

Microsoft’s Entra ID vulnerabilities could have been catastrophic

Known as Entra ID, the system stores each Azure cloud customer’s user identities, sign-in access controls, applications, and ...
CSO Online

Entra ID vulnerability exposes gaps in cloud identity trust models, experts warn

Though patched, the flaw underscores systemic risks in cloud identity systems where legacy APIs and invisible delegation ...

Actor auth tokens gave Global Admin access across Azure Entra ID tenants

A Dutch security researcher has published an indepth analysis of a critical vulnerability that could have allowed attackers ...

Microsoft releases Windows Backup for Organizations to ease migration of user settings to Windows 11

Entra ID gets new feature making it easier to backup and restore systems without the need for manual IT intervention.
Security Boulevard

Why DevOps Still Struggles with Least Privilege (Even in 2025)

While least privilege remains a fundamental security principle, DevOps teams consistently fail to apply it to non-human identities, like CI/CD pipelines and applications. This struggle stems from a ...

U.S. Senator accuses Microsoft of “gross cybersecurity negligence”

U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft ...
Security Boulevard

Response to CISA Advisory (AA25-239A): Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System

AttackIQ has updated the assessment template that emulates the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the Chinese adversary Salt Typhoon and released a new ...