CSO Online

EvilTokens abuses Microsoft device code flow for account takeovers

The phishing-as-a-service toolkit leverages legitimate authentication to capture tokens and access Microsoft 365 services.

Microsoft: Agentic AI May Be The 2-In-1 Recovery Catalyst

Microsoft Corporation Q2 flags ROI and RPO worries, but Copilot and agentic AI could lift M365 ARPU and Azure demand. Click ...
Bleeping Computer

Microsoft Entra account lockouts caused by user token logging mishap

Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. On Saturday morning, ...
Computer Weekly

38TB Microsoft data leak highlights risks of oversharing

Microsoft has learned an important lesson after having to clean up a major data leak resulting from an “overly permissive” shared access signature (SAS) token accidentally disclosed by one of its ...
Bleeping Computer

Microsoft Visual Studio Code flaw lets extensions steal passwords

Microsoft's Visual Studio Code (VS Code) code editor and development environment contains a flaw that allows malicious extensions to retrieve authentication tokens stored in Windows, Linux, and macOS ...