Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory (Azure AD) tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account (MSA) consumer signing key to breach two dozen organizations.
“Storm-0558 acquired an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA
Related Post
- February 25, 2025
FatalRAT Phishing Attacks Target APAC Industries Using Chinese
Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a
- February 25, 2025
Two Actively Exploited Security Flaws in Adobe and
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product
- February 24, 2025
New Malware Campaign Uses Cracked Software to Spread
Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information
- February 24, 2025
More Research Showing AI Breaking the Rules
These researchers had LLMs play chess against better opponents. When they couldn’t win, they sometimes resorted to cheating. Researchers gave