Tuesday , July 14 2026
Entra ID

Hackers Exploit Entra ID Accounts to Steal Microsoft 365, Azure Data

Hackers misuse Microsoft Entra ID accounts to steal data from Microsoft 365 and Azure. A very advanced cyberattack by a group called Storm-2949 is aiming at Microsoft Entra ID accounts to take sensitive data from Microsoft 365 and Azure.

Storm-2949 used real cloud management tools to get deep access to SaaS, PaaS, and IaaS environments instead of using harmful payloads.

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

The attack started with focused social tricks aimed at important users, like IT workers and top managers. The bad actor took advantage of Microsoft’s Self-Service Password Reset (SSPR) by deceiving users into agreeing to multifactor authentication (MFA) requests.

Attackers pretended to be IT support staff and got victims to approve MFA requests by saying they were checking accounts.

Microsoft says the attack shows a rising trend in cloud attacks, where hackers focus more on stealing identities than using usual malware.

Once they got approval, the attackers changed passwords, took away existing login methods, and set up their own MFA devices. This locked out real users while they kept access.

Hackers Exploit Entra ID

After getting in, Storm-2949 quickly started taking data from Microsoft 365 services, like OneDrive and SharePoint.

Storm-2949 attack diagram (Source : Microsoft).

The attackers aimed at important files like VPN setups and remote access steps, showing they were ready to move laterally.

Detection and Defense

Microsoft Defender was key in finding the attack by linking signals from identity, cloud, and endpoint areas. This shows how important integrated detection systems are for cloud security today.

This campaign shows a change to attacks focused on identity in cloud systems. By misusing real admin tools, attackers can work quietly with few signs of a breach.

Organizations are advised to:

Strengthen MFA steps and watch for strange approvals.
Limit RBAC permissions by using the least access needed.
Keep an eye on Microsoft Graph API activity for odd queries.
Secure Key Vault access and check how secrets are used.
Activate cross-domain detection with tools like Microsoft Defender XDR.

As more people use the cloud, protecting identity and access is very important to stop big data breaches.

Indicators of compromise (IOCs):

Indicator Type Description
176.123.4[.]44 IP address Attacker egressed from this address
91.208.197[.]87 IP address Attacker egressed from this address
185.241.208[.]243 IP address ScreenConnect instance used by Attacker

Check Also

Apple

New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide

Researchers at cybersecurity firm Paradigm Shift found a new flaw called usbliter8. This flaw can …