Microsoft recognized as a Leader in The Forrester Wave™ for Workforce Identity Security Platforms

Identity is the backbone of modern cybersecurity. Every access decision carries risk, across employees, partners, devices, workloads, and an expanding set of AI-powered agents. But most organizations are still operating across disparate systems. Identity signals are captured in one place, access...

Microsoft Entra 安全漏洞

Microsoft Entra is an identity and access management system developed by the American company Microsoft. There is a security vulnerability in Microsoft Entra, which stems from using alternative paths or channels to bypass authentication. This could allow unauthorized attackers to gain elevated...

UBUNTU-CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability

...

CVE-2026-35431

CVE-2026-35431 covers a spoofing vulnerability in Microsoft Entra ID Entitlement Management. The entry indicates a remote, network-exploitable flaw with no user interaction, causing high impact to confidentiality, integrity, and availability (S:C, C:H, I:H, A:H). Exploit code maturity is UNPROVEN...

GRC-demo-poc-oscal

GRC-OSCAL — continuous compliance, demonstrated A working pro...

EUVD-2026-9338

Authentication bypass in the Microsoft Entra ID Azure AD authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token JWT...

CVE-2026-0948

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4...

Microsoft Entra authorization issue vulnerability

Microsoft Entra is an identity and access management system developed by the American company Microsoft. There is a vulnerability in Microsoft Entra’s authorization mechanism, which stems from improper authorization practices. Attackers can exploit this vulnerability to gain increased privileges...

DRUPAL-CONTRIB-2026-005

This module enables Drupal sites to authenticate users via Microsoft Entra ID formerly Azure AD using OAuth 2.0. The module doesn't sufficiently validate API responses from Microsoft allowing complete account takeover of any user, including site administrators, without requiring any credentials o...

Microsoft Entra ID SSO Login - Critical - Access bypass - SA-CONTRIB-2026-005

This module enables Drupal sites to authenticate users via Microsoft Entra ID formerly Azure AD using OAuth 2.0. The module doesn't sufficiently validate API responses from Microsoft allowing complete account takeover of any user, including site administrators, without requiring any credentials o...

Access Fabric: A modern approach to identity and network access

Today, most organizations use multiple identity systems and multiple network access solutions from multiple vendors. This happens, either intentionally or organically, when different areas of a company choose different tools, creating a fragmented environment that leaves weaknesses that...

Access Fabric: A modern approach to identity and network access

Today, most organizations use multiple identity systems and multiple network access solutions from multiple vendors. This happens, either intentionally or organically, when different areas of a company choose different tools, creating a fragmented environment that leaves weaknesses that...

Microsoft named a Leader in the Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year

I'm deeply grateful to our customers and partners for their continued trust and collaboration. We’re happy to share that Microsoft has been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year. We feel this recognition underscores the...

5 Reasons Why Attackers Are Phishing Over LinkedIn

Phishing attacks are no longer confined to the email inbox, with 1 in 3 phishing attacks now taking place over non-email channels like social media, search engines, and messaging apps. LinkedIn in particular has become a hotbed for phishing attacks, and for good reason. Attackers are running...

Microsoft Entra ID 访问控制错误漏洞

Microsoft Entra ID is a cloud-based identity and management solution from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Entra ID that stems from an elevation of privilege vulnerability...

Microsoft Entra 授权问题漏洞

Microsoft Entra is an identity and access management system from Microsoft Corporation, USA. An authorization issue vulnerability exists in Microsoft Entra that stems from a potential elevation of privilege...