Microsoft Azure AD Graph Actor-token mitigation
Advisory/Mitigation
Summary
Hide ▲
Show ▼
Microsoft pushed an additional mitigation that blocks Actor token requests for Azure AD Graph, reducing the chance that a similar cross-tenant validation flaw could be abused. The change affects the token request path inside a tenant and adds defense in depth around the impersonation mechanism. It narrows abuse of a service still used by Microsoft applications and directly hardens the affected authentication surface.
Related Happenings
Microsoft out-of-band security update for ASP.NET Core Data Protection (CVE-2026-40372)
Security Patch Release
First: 22.04.2026 11:08
Last: 22.04.2026 11:08
Sources 1
About this happening:
**Microsoft** released **out-of-band security updates** for **CVE-2026-40372**, an **ASP.NET Core Data Protection** flaw that could let attackers forge authentication cookies and...
Microsoft out-of-band security update for ASP.NET Core Data Protection (CVE-2026-40372)
Security Patch ReleaseAbout this happening: **Microsoft** released **out-of-band security updates** for **CVE-2026-40372**, an **ASP.NET Core Data Protection** flaw that could let attackers forge authentication cookies and...
W3LL Microsoft 365 adversary-in-the-middle phishing campaign
Campaign
First: 13.04.2026 21:55
Last: 13.04.2026 21:55
Sources 1
About this happening:
The **W3LL** phishing operation turned into a high-volume **Microsoft 365** credential-theft campaign, exposing **more than 17,000 victims worldwide** to **BEC** risk. The kit use...
W3LL Microsoft 365 adversary-in-the-middle phishing campaign
CampaignAbout this happening: The **W3LL** phishing operation turned into a high-volume **Microsoft 365** credential-theft campaign, exposing **more than 17,000 victims worldwide** to **BEC** risk. The kit use...
Microsoft AiTM payroll pirate attack mitigation
Advisory/Mitigation
First: 10.04.2026 14:56
Last: 10.04.2026 14:56
Sources 1
About this happening:
**Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...
Microsoft AiTM payroll pirate attack mitigation
Advisory/MitigationAbout this happening: **Microsoft** is urging defenders to harden **Microsoft 365** and related **HR workflows** against **AiTM**-driven payroll theft by requiring **phishing-resistant MFA**, blocking...
Storm-2755 payroll pirate campaign targeting Canadian employees
Campaign
First: 10.04.2026 14:56
Last: 10.04.2026 14:56
Sources 1
About this happening:
The **Storm-2755** campaign is stealing **Canadian employees' salary payments** by hijacking accounts through **Microsoft 365** phishing pages, creating immediate payroll-diversio...
Storm-2755 payroll pirate campaign targeting Canadian employees
CampaignAbout this happening: The **Storm-2755** campaign is stealing **Canadian employees' salary payments** by hijacking accounts through **Microsoft 365** phishing pages, creating immediate payroll-diversio...
OAuth device-code phishing campaign targeting SaaS accounts
Campaign
First: 04.04.2026 17:17
Last: 04.04.2026 17:17
Sources 1
About this happening:
A **device code phishing** campaign now includes **EvilTokens**, a **phishing-as-a-service** kit sold on **Telegram** that uses the **OAuth 2.0 device authorization flow** to hija...
OAuth device-code phishing campaign targeting SaaS accounts
CampaignAbout this happening: A **device code phishing** campaign now includes **EvilTokens**, a **phishing-as-a-service** kit sold on **Telegram** that uses the **OAuth 2.0 device authorization flow** to hija...
Timeline
-
19.09.2025 16:47 2 articles · 8mo ago
Microsoft Azure AD Graph Actor-token mitigation
Initial DisclosureFollowing the vulnerability disclosure and conference presentations, **Microsoft** deployed an added control that blocks **Actor tokens** for **Azure AD Graph**. The early mitigation shuts down the token request path that underpinned impersonation and cross-tenant abuse.
Show sources
- Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues — www.darkreading.com — 19.09.2025 16:47
- Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues — www.darkreading.com — 19.09.2025 16:47