Cybersecurity Today Extinction Level Cyber Vulnerability Now Fixed
Sep 22, 2025
Discover the fallout from a critical Microsoft Entra ID vulnerability that allowed for dangerous impersonations. Learn about the cyber attack that caused chaos at European airports. Delve into SpamGPT, a new AI tool being misused for phishing scams, and a zero-click flaw that poses risks to user privacy. On a brighter note, hear how Canadian authorities struck a significant blow against crypto crime by seizing over $40 million from the Trade Ogre platform. Stay informed about the rapidly changing landscape of cyber threats!
AI Snips
Chapters
Transcript
Episode notes
Actor Tokens Could Break Tenant Boundaries
- Microsoft's Entra ID flaw allowed actor tokens to impersonate any user across tenants due to insufficient Graph API checks.
- The tokens bypassed conditional access, left no tenant logs, and could not be revoked during their 24-hour validity.
Act Quickly After Identity Vulnerability Disclosure
- Read Dirk's blog and run the IOCs against your environment immediately to detect potential misuse.
- Update Entra/Graph configurations and rehearse this tenant-compromise scenario in executive tabletop exercises.
Airport Check-In Outage Disrupts Flights
- A cyberattack on Collins Aerospace check-in systems forced major European airports to cancel flights and revert to manual operations.
- Heathrow managed most flights; Brussels saw nearly 20% cancellations and warned of bigger disruptions.