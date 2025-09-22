  • Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
Microsoft Entra ID flaw allowed hijacking any company's tenant

erek

erek

[H]F Junkie
2FA
Joined
Dec 19, 2005
Messages
13,503
“In late June, the company warned that apps configured for extended access but still used Azure AD Graph would no longer be able to use the APIs starting early September 2025.

Mollema reported the issues to Microsoft on July 14 and the company confirmed that the problem was resolved nine days later.

On September 4, Microsoft also patched CVE-2025-55241, describing it as a critical privilege escalation vulnerability in Azure Entra.”

Source: https://www.bleepingcomputer.com/ne...d-flaw-allowed-hijacking-any-companys-tenant/
 
