Access Tokens
The latest Access Tokens coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Authenticator Token Leak Lets Attackers Bypass MFA for Work Accounts
Microsoft has disclosed a serious information disclosure vulnerability in Microsoft Authenticator, assigned CVE-2026-41615, that could allow an attacker to steal sign-in access tokens for work...
Exposed appsettings.json Files Unleash 'Master Key' to Azure Tenants via OAuth Token Abuse
A single, publicly exposed appsettings.json file containing Azure Active Directory (now Entra ID) application credentials can act as a master key to an organization’s entire cloud estate, security...
Exchange Hybrid Attack Turns On-Prem Admin into Cloud Hijacker: CVE-2025-53786 Exposes Identity Perimeter Crisis
A single compromised on-premises Exchange administrator can now seize control of an organization’s entire Microsoft 365 cloud—for up to 24 hours, with virtually no audit trail. That is the urgent...
CLI Guide for Automating On-Prem Azure DevOps Server
Introduction Microsoft's Azure DevOps ecosystem offers a comprehensive suite of tools for software development, including Azure DevOps Services (cloud-based) and Azure DevOps Server (on-premises)....