Information security
fromSecurityWeek
3 weeks agoAll Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher
Undocumented Microsoft Actor tokens plus an Azure AD Graph validation flaw allowed cross-tenant impersonation without logging, enabling undetectable global Entra ID compromise.