Tag: entra id
7 articles

NSA, CISA Warn Federal Agencies of Identity Security Risks
The NSA and CISA are sounding the alarm: identity security risks are now the frontline in federal cybersecurity, with Active Directory and Entra ID being prime targets for cyber attackers. Recent incidents show that nearly 75% of major federal cyber breaches in the last five years involved compromised identities.

Varonis Launches Breach at the Beach, a Hands-On Entra ID Training Experience
Get ready to dive into the world of Entra ID with Varonis' immersive Breach at the Beach training experience, where you'll learn to navigate the complex control plane that connects users, applications, and AI-powered workflows. Discover how to defend against threats that exploit non-human identities and automate breaches.

Nation-State Actors Exploit ROADtools in Cloud Attacks
Cloud attackers are now leveraging ROADtools, a publicly available toolkit, to exploit vulnerabilities in cloud tenants, allowing them to persist, discover, and evade defenses with ease. This dual-use framework's ability to speak Entra ID and Microsoft Graph makes it a red flag for defenders to take notice.

Microsoft Vulnerabilities Spike in Critical Areas
A single critical flaw, like CVE-2025-55241, can give attackers unrestricted access to any tenant, highlighting the alarming rise in critical Microsoft vulnerabilities, which doubled in 2025 despite a stable overall number of vulnerabilities. This sharp increase in high-impact weaknesses demands attention and action.

Active Directory Breaches Persist After Password Resets
Resetting passwords isn't enough to keep hackers at bay, especially in Active Directory environments where cached credentials and sync delays can leave gaping security holes. Even after a password reset, attackers can still find ways to exploit outdated credentials and gain unauthorized access.

Microsoft Fixes Entra ID Flaw That Enabled Service Principal Takeovers
Microsoft has patched a vulnerability in Entra ID that allowed hackers to hijack service principals, potentially leading to full takeover of sensitive systems. A security researcher discovered the flaw, which stemmed from overly broad permissions in the Agent ID Administrator role.

Microsoft Graph API Change Disrupts Universal Print Sharing
Microsoft revealed that a recent code change to the Microsoft Graph API caused a ripple effect, introducing a critical error that disrupted Universal Print sharing and left many users in a frustrating limbo. The error sparked a chain reaction, exposing a long-standing issue that prevented share operations from completing as expected.