ZDNet

Microsoft: Hackers are using this 'concerning' tactic to dodge multi-factor authentication

Microsoft has outlined several mitigations to protect against attacks on multi-factor authentication that will unfortunately make life more difficult for your remote workers. Three years ago, attacks ...
Redmond Magazine

Microsoft Addresses Misconfigured Token Exposing 38TB of Microsoft Data

Microsoft indicated on Monday that it had revoked an overly permissioned Shared Access Signature (SAS) token, said to have exposed "38TB" of internal Microsoft data. The action comes after ...

The attack dominating financial services doesn't steal passwords. It resets MFA and steals the token.

Credential theft fell to 13% of breach vectors in 2026. Attackers now bypass MFA via help desk resets and OAuth token theft. Five attack surfaces mapped.
Dark Reading

Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish

Attackers who gain initial access to a victim's network now have another method of expanding their reach: using access tokens from other Microsoft Teams users to impersonate those employees and ...
GizChina

Behind the Microsoft 38TB Leak: what are SAS tokens and what happened?

Microsoft's AI Data Leak - What was stored in the leaked files? The leaked backup files contained passwords for Microsoft services and secret keys. Furthermore, it had over 30,000 Internal Teams ...
Morning Overview on MSN

Microsoft just confirmed attackers are exploiting an Exchange Server zero-day to silently hijack inboxes — CVE-2026-42897 lets them rewrite emails and steal session tokens

Organizations running Microsoft Exchange Server face an active threat after a zero-day vulnerability was confirmed to allow attackers to silently take over inboxes, rewrite email content, and steal ...