Microsoft bounty program now includes any flaw impacting its services

Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party.

New ConsentFix attack hijacks Microsoft accounts via Azure CLI

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) ...
SecurityWeek

Fortinet Patches Critical Authentication Bypass Vulnerabilities

Fortinet patched two critical flaws in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager leading to authentication bypass ...
GitHub

Microsoft Authentication Library (MSAL) for Java

The Microsoft Authentication Library for Java (MSAL4J) enables applications to integrate with the Microsoft identity platform. It allows you to sign in users or apps with Microsoft identities (Azure ...