Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
Security Boulevard

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload ...
TechRadar

Microsoft says all Azure sign-ins will now need to use multi-factor authentication to enhance account security

Microsoft has announced all Azure sign-ins will soon have to use multi-factor authentication (MFA) to enhance account security. The authentication methods offered by the Azure platform include mobile ...
Bleeping Computer

Latest Azure AD news

A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. Microsoft has fixed an issue that caused Entra ID DNS ...
Security Boulevard

MCP Authentication and Authorization Patterns

In MCP, every request comes from a nonhuman identity: an agent, server or tool. These identities don't act under direct human oversight. They generate requests dynamically, chain operations and carry ...