Backdooring Microsoft’s applications is far from over. Adding service principal credentials to these apps to escalate privileges and obfuscate activities has been seen in nation-state attacks, and led to the development of new security controls. Despite these efforts, we uncovered a vulnerable, built-in SP that could have allowed escalation from Application Administrator to any hybrid tenant user, including Global Admin. – Read more
Latest article
Deploy AWS applications and access AWS accounts across multiple Regions with IAM Identity Center
If your organization relies on AWS IAM Identity Center for workforce access, you can now extend that access across multiple AWS Regions...
CVE-2026-26017 CoreDNS ACL Bypass
Information published. - Read more
Malicious npm Packages Posing as Solara Executor Target Discord, Browsers, and Crypto Wallets
JFrog security researchers Guy Korolevski and Meitar Palas uncovered a sophisticated supply chain attack on the npm ecosystem on March 12, 2026, in which...
Ivanti Connect Secure Zero-Day Vulnerability
What are the Vulnerabilities? Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283,...
