Decoded: The Cybersecurity Podcast

Microsoft Entra ID Global Admin Hijacking Flaw

Update: 2025-09-23

Description

The source text comes from a cybersecurity news website that offers an overview of various security topics, tutorials, and downloads. The central news piece describes a critical vulnerability, CVE-2025-55241, in Microsoft Entra ID (formerly Azure AD), which could have allowed an attacker with an "actor token" to gain Global Admin privileges in any company's tenant globally. The flaw, which relied on the deprecated Azure AD Graph API, was particularly dangerous because the tokens lacked proper security controls, such as logging and revocation capabilities, and bypassed Conditional Access restrictions. The text confirms that the researcher, Dirk-jan Mollema, reported the issue to Microsoft, which subsequently patched the vulnerability; it carries the maximum CVSS score of 10.0. Surrounding the article are lists of the latest security news, such as data breaches and new malware tools, technical tutorials on topics like accessing the Dark Web, and virus removal guides and decrypter tool downloads.


Edward Henriquez