News

Microsoft Entra ID vulnerability allows full account takeover – and takes barely any effort - Friday, June 27, 2025 - 11:22
  • 10% of the 150,000+ SaaS apps on offer could be affected by Entra ID vulnerability
  • It was first disclosed in 2023, but many apps still remain affected
  • App vendors need to issue patches or you risk account takeover

Semperis has released new research uncovering a severe flaw in Microsoft's Entra ID, called nOAuth, and its effects could span 10% of SaaS applications globally.

The vulnerability involves a cross-tenant authentication flaw affecting Entra ID integrations – attackers could execute full account takeover with just access to an Entra tenant and the victim's email.

The report explains that the attack is a low-complexity, low-effort one that bypasses even multi-factor authentication (MFA), conditional access policies and zero-trust security architecture – all things that are generally characteristics of companies with strong cybersecurity postures.

Entra ID vulnerability could have broad effects

Additionally, attackers can get away without leaving much trace, and the Entra ID vulnerability cannot be defended against without vendor-side fixes.

Given that there are an estimated 150,000 SaaS apps in use globally, Semperis suggests more than 15,000 SaaS applications could be affected.

Once an attacker gains access to one of the apps at risk, they can impersonate the victim, gain access to personally identifiable information or exfiltrate data.

Currently, there is no effective way to detect the attack, and prevention is proving difficult without fixes from software vendors. Alarmingly, the flaw was first disclosed in 2023, but Semperis' 2025 research shows that it still affects many apps.

Semperis' Chief Identity Architect, Eric Woodruff, commented: "customers are left with no way to detect or stop the attack, making this an especially dangerous and persistent threat."

As such, SaaS vendors are being urged to audit and patch affected apps as quickly as possible. The Microsoft Security Response Center has also advised vendors to follow its guidelines or risk being removed from the Entra gallery.

"We’ve confirmed exploitation is still possible in many SaaS apps, which makes this an urgent call to action. We encourage developers to implement the necessary fixes and help protect their customers before this flaw is exploited further," Woodruff added.

AI usage for workers is skyrocketing – and it's actually doing everything it promised - Friday, June 27, 2025 - 12:00
  • 96% of workers have filled skills gaps with AI
  • Daily users trust AI more – and get more out of it, too
  • Workers want AI for brainstorming, research and presentations

According to new research from Salesforce, AI is showing signs of shifting from basic applications like task automation to more powerful outcomes, such as enabling creative and strategic work.

With global use of AI for creative and strategic tasks up 154%, artificial intelligence is now unlocking the full potential of the workforce – almost all (96%) workers have used AI for tasks they lacked the skills for.

Not only has AI usage risen, but the number of people using the tech day in, day out has also surged by 233% in the space of six months, with three in five desktop workers using artificial intelligence.

Workers are seeing the benefits of AI

According to the report, daily AI users report high productivity (+64%), focus (+58%) and job satisfaction (+81%). Those who use artificial intelligence daily are also twice as likely to trust it, with many workers relying on the tech to eliminate research efforts, get help with writing and communication, and support brainstorming.

Nevertheless, some workers remain more open to emerging technologies than others. For example, 30% of Millennials claim strong understanding of AI agents compared with 22% of Gen Z. In fact, more than two-thirds (68%) of Millennials now use AI for strategic tasks like drafting and summarizing.

"As workers actually use and experiment with AI agents, their trust and enthusiasm in this technology grows – and we see them leveraging agents to unlock new skills and opportunities in their everyday work," Research VP Lucas Puente explained.

Salesforce also reports that the higher up the organizational tree you are, the more likely you are to become a user – 43% of execs use AI daily, compared with 35% of senior managers and 23% of middle managers.

Looking ahead, the most requested use cases for AI are brainstorming automation and augmentation (72%), research assistance (80%) and presentation generation (82%).

Looks like Sony isn't done with new headphones in 2025 yet – could these mysterious cans be your next affordable audio upgrade? - Friday, June 27, 2025 - 12:00
  • New Sony over-ear Bluetooth headphones appear in an official database
  • Possibly a successor to the Sony WH-CH520 or WH-C720N
  • This is a very early leak so a launch may not be imminent

There's no doubt that Sony's WH-1000XM6 over-ears are a truly excellent pair of headphones. But at $449 / £399 / AU$699 they're also a pretty expensive pair of headphones. If you're looking for an audio upgrade but would prefer something a bit more affordable, Sony appears to be preparing exactly that.

A new pair of Sony headphones have leaked, and they appear to be over-ears. And that means they're most likely the successor to the Sony WH-CH520 or WH-C720N – although we can't rule out a brand new model that we haven't seen before.

The first of those had a launch price of $60 / £60 / AU$99, and the latter were $129 / £99 / AU$259. And both are getting on a bit: two years, which is a long time in the headphone market.

Sony's new over-ear headphones: what we know so far

As is often the case with Sony leaks, the news comes via The Walkman Blog and its access to Sony's shipping manifests.

Those manifests include a new model number, YY2998, which they describe as "Bluetooth headphones with over-head cover, 2.4GHz band, Brand: Sony... Black, Silver". 2.4GHz is where Bluetooth lives.

Previous leaks for a different set of headphones had the model number YY2985, which is believed to be the WF-1000XM6 earbuds that are expected to launch later this year.

The headphones detailed in the manifests appear to be test samples, which means that this is a very early leak: the big leaks tend to be when headphones are submitted to the various certification bodies, a process that tends to happen in the very final stages before product launches.

That suggests that whatever these headphones are, we probably won't see them until the end of this year. So if you're hankering after a set of Sonys but don't want to wait that long, check out our guide to the best Sony headphones for all budgets.

Cybercriminals are abusing LLMs to help them with hacking activities - Friday, June 27, 2025 - 12:22
  • New research shows AI tools are being used and abused by cybercriminals
  • Hackers are creating tools that exploit legitimate LLMs
  • Criminals are also training their own LLMs

It’s undeniable that AI is being used by both cybersecurity teams and cybercriminals, but new research from Cisco Talos reveals that criminals are getting creative. The latest development in the AI/cybersecurity landscape is that ‘uncensored’ LLMs, jailbroken LLMs, and cybercriminal-designed LLMs are being leveraged against targets.

It was recently revealed that both Grok and Mistral AI models were powering WormGPT variants that were generating malicious code, social engineering attacks, and even providing hacking tutorials - so it's clearly becoming a popular tactic.

LLMs are built with security features and guardrails, ensuring minimal bias and outputs that are consistent with human values and ethics, as well as making sure the chatbots don’t engage in harmful behaviour, such as creating malware or phishing emails - but there are workarounds.

Jailbroken and uncensored

The so-called uncensored LLMs observed in this research are versions of the AI models that operate outside of the normal constraints. This means that they are able to carry out tasks for criminals and create harmful content. These are quite easy to find, the research shows, and are simple to run - with only relatively simple prompts required.

Some criminals have gone one step further, creating their own LLMs, such as WormGPT, FraudGPT, and DarkGPT. These are marketed to bad actors and have a whole host of nefarious features. For example, FraudGPT claims to be able to create automatic scripts for replicating logs/cookies, write scam pages/letters, find leaks and vulnerabilities, and even learn to code/hack.

Others navigate around the safety features of legitimate AI models through ‘jailbreaking’ chatbots. This can be done using ‘obfuscation techniques,’ which include Base64/Rot-13 encoding, using different languages, “L33t sp34k”, emojis, and even morse code.

“As AI technology continues to develop, Cisco Talos expects cybercriminals to continue adopting LLMs to help streamline their processes, write tools/scripts that can be used to compromise users and generate content that can more easily bypass defenses. This new technology doesn’t necessarily arm cybercriminals with completely novel cyber weapons, but it does act as a force multiplier, enhancing and improving familiar attacks,” the report confirms.

Best Internet Providers in Georgia - Friday, June 27, 2025 - 12:45
From nationwide fiber to rural coverage, our experts found the best ISPs to simplify your internet search in the Peach State.
Pokemon TCG Pocket's Eevee Grove Expansion Has Convinced My Partner to Play - Friday, June 27, 2025 - 13:28
My girlfriend bounced off of this trading card game the first time around, but the universal appeal of Eevee is a powerful tool.
iPadOS 26 Almost Turns Your iPad Into a Mac video - Friday, June 27, 2025 - 13:39
The new updates for iPadOS 26 push the device closer to a MacBook, and Scott Stein has been hoping for this day for years.
T-Mobile Announces T-Satellite: Rapid Fire Q&A with T-Mobile Exec video - Friday, June 27, 2025 - 14:32
Do you remember your first phone? We asked T-Mobile's head of marketing this and more at an event in Bellevue, where the company also announced the commercial launch date for T-Satellite, its Starlink-based satellite connectivity service (July 23).
Someone Help Me! I Need These Sonic the Hedgehog Magic: The Gathering Cards - Friday, June 27, 2025 - 14:53
Sega's superspeedster is getting some genuinely awesome cards in a limited drop next month.
Chase Sapphire Reserve Launches New $250 Apple Perk. I’m Not Falling for It - Friday, June 27, 2025 - 15:00
The revamped Sapphire Reserve now includes numerous annual credits, new rewards, a larger welcome offer and a higher fee. None of which make the card worth it to me.
Steam Summer Sale: Snag 4 Major Borderlands Games for Under $25 Before Borderlands 4 - Friday, June 27, 2025 - 15:15
This is an amazingly cheap way to get caught up before the new game launches in September.
A New Threads Feature Saves You From Seeing and Posting Spoilers: Here's How It Works - Friday, June 27, 2025 - 15:18
Didn't want to see that plot twist? Marvel and Netflix were the first to try out Threads' new spoiler-blocking feature.
Do You Really Need to Eat 3 Meals a Day? We Asked an Expert Dietician - Friday, June 27, 2025 - 14:30
Is three meals a day the best for a healthy lifestyle? We consulted with a dietician to find out. Here's what we learned.
Today's Wordle Hints, Answer and Help for June 28, #1470 - Friday, June 27, 2025 - 16:00
Here are hints -- and the answer -- for today's Wordle for June 28, No. 1,470.
Today's NYT Strands Hints, Answers and Help for June 28, #482 - Friday, June 27, 2025 - 16:00
Here are hints -- and answers -- for the NYT Strands puzzle No. 482 for June 28.
Today's NYT Connections: Sports Edition Hints and Answers for June 28, #278 - Friday, June 27, 2025 - 16:00
Here are hints -- and the answers -- for the NYT Connections: Sports Edition puzzle, No. 278, for June 28.
Today's NYT Connections Hints, Answers and Help for June 28, #748 - Friday, June 27, 2025 - 16:00
Here are some hints -- and the answers -- for the NYT Connections puzzle for June 28, #748.
Facing Billions in DMA Fines, Apple Lets EU iPhone Users Install Apps Outside the App Store - Friday, June 27, 2025 - 16:38
A last-minute rule change lets European iPhone owners download apps from rival stores and developer websites, while introducing new fees that Apple hopes will satisfy regulators in Brussels.
How We Test AI - Friday, June 27, 2025 - 16:54
Human editors from CNET go hands-on with generative AI tools from OpenAI, Google and more to find the best ones for your needs. Here's how we do it.
Best Pressure Washers of 2025: I Tested Six Power Washers on Wood, Metal and More - Friday, June 27, 2025 - 17:00
These pressure washers can blast dirt and remove stains without problems. I spent weeks hosing and washing different surfaces to test these high-pressure dirt destroyers.
