'Cookie Bite' Entra ID Attack Exposes Microsoft 365

A proof-of-concept (PoC) attack vector exploits two Azure authentication tokens from within a browser, giving threat actors persistent access to key cloud services, including Microsoft 365 applications.

Apr. 23, 2025 Signup

Daily Edition

Today’s news and insights for cybersecurity professionals

- Today's News and Features -

TOP STORY

'Cookie Bite' Entra ID Attack Exposes Microsoft 365‎‎ A proof-of-concept (PoC) attack vector exploits two Azure authentication tokens from within a browser, giving threat actors persistent access to key cloud services, including Microsoft 365 applications.‎‎ Keep Reading →

Microsoft Purges Millions of Cloud Tenants in Wake of Storm-0558‎‎ The tech giant is boosting Entra ID and MSA security as part of the wide-ranging Secure Future Initiative (SFI) that the company launched following a Chinese APT's breach of its Exchange Online environment in 2023.‎‎

Verizon: Edge Bugs Soar, Ransoms Lag, SMBs Bedeviled‎ The cybersecurity landscape confounded expectations in 2024, as anticipated threats and risk didn't materialize and less widely touted attack scenarios shot up.‎

City of Abilene Goes Offline in Wake of Cyberattack‎‎ The Texas municipality is following its incident response playbook as it works with a third-party to investigate the scope and scale of the attack.‎‎

3 More Healthcare Orgs Hit by Ransomware Attacks‎‎ Dialysis firm DaVita, Wisconsin-based Bell Ambulance, and Alabama Ophthalmology Associates all suffered apparent or confirmed ransomware attacks this month.‎‎

DR GLOBAL

Zambia's Updated Cyber Laws Prompt Surveillance Warnings‎ Critics — which include the US embassy in Zambia — contend the just-signed Cyber Security Act and the Cyber Crime Act allow suppression of dissent and too much concentration of power.‎

THE EDGE

How Emerging AI Frameworks Drive Business Value and Mitigate Risk‎ Understanding how multiple AI models speak to each other and deciding which framework to use requires careful evaluation of both the business benefits of advanced AI orchestration and the cybersecurity implications of connecting automated services.‎

DR TECHNOLOGY

Terra Security Automates Penetration Testing With Agentic AI‎ Agentic AI's appeal is growing as organizations seek more autonomous and hands-off approaches to their security protocols as risks increase and threats become more sophisticated.‎

SPONSORED ARTICLE

Why We Need Proactive Security in the Age of AI‎‎ New study shows that artificial intelligence creates bigger threats to credential security, making traditional migration tools less effective.‎‎

Read More →

- Commentary -

Opinions from thought leaders around the cybersecurity industry

'Fog' Hackers Troll Victims With DOGE Ransom Notes‎‎ Since January, threat actors distributing the malware have notched up more than 100 victims.‎‎

The Global AI Race: Balancing Innovation and Security‎‎ The AI security race is on — and it will be won where defenders come together with developers and researchers to do things right.‎‎

More Commentary →

- Upcoming Events -

Apr 23, 2025 Find and Fix Application Vulnerabilities... At Cyber Speed

Apr 24, 2025 Defend Against Critical Data Attacks with Rubrik & CrowdStrike

Aug 2, 2025 [Conference] Black Hat USA - August 2-7 - Learn More

More Events →

- More Resources -

WHITE PAPER MSSP Checklist: Increase Sales With the Right Tools and More

WHITE PAPER SMB Cyber Survival Checklist

WHITE PAPER Secure remote access. Simplified.

REPORT Building Blocks for Next-Gen Security Operations

More Resources →

- Elsewhere in Cyber Today -

CYBERSECURITY DIVE

CISA's Secure by Design Initiative in Limbo After Key Leaders Resign

FUTURUM

CyberArk Impact 2025 Articulates a Possible Future of Identity-Driven Security

PHIL VENABLES

Why Stuff Fails ("The Thermocline of Truth")

- Do You Find Today’s Newsletter Helpful? -

Yes Not sure No

You received this message because you are subscribed to Dark Reading's Daily newsletter. If a friend forwarded you this message, sign up here to get it in your inbox. Thoughts about this newsletter? Give us feedback.

Advertise With Us | Privacy Policy | Unsubscribe Copyright © 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. Operated by TechTarget, Inc. and its subsidiaries, 275 Grove Street, Newton, Massachusetts, 02466 US