A critical security vulnerability affecting over 50,000 Azure Active Directory users has been discovered, exposing sensitive employee data through an unsecured API endpoint embedded within a JavaScript file. The incident, uncovered by cybersecurity firm CloudSEK, reveals how a single misconfiguration can grant unauthorized access to Microsoft Graph data, including executive-level information and organizational structures. The […]
The post 50,000+ Azure AD Users Access Token Exposed From Unauthenticated API Endpoint appeared first on Cyber Security News.
This article has been indexed from Cyber Security News