Pulse of Truth

1246 readers

57 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth@infosec.pub

50,000+ Azure AD Users Access Token Exposed From Unauthenticated API Endpoint (cybersecuritynews.com)

submitted 3 weeks ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub

0 comments fedilink hide all child comments

A critical security vulnerability affecting over 50,000 Azure Active Directory users has been discovered, exposing sensitive employee data through an unsecured API endpoint embedded within a JavaScript file. The incident, uncovered by cybersecurity firm CloudSEK, reveals how a single misconfiguration can grant unauthorized access to Microsoft Graph data, including executive-level information and organizational structures. The […] The post 50,000+ Azure AD Users Access Token Exposed From Unauthenticated API Endpoint appeared first on Cyber Security News.

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here