Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Microsoft Self-Service Password Reset Abused in Azure Data Theft Attacks

Summary by BleepingComputer
A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration features.

5 Articles

BleepingComputerBleepingComputer
Center

Microsoft Self-Service Password Reset abused in Azure data theft attacks

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration features.

Read Full Article
itsocial.fritsocial.fr

Storm-2949, the Chain of Attack without Malware Exploiting Legitimate Operations Entra ID, M365 and Azure

The Microsoft Defender Security Research Team has just unveiled a cyber-espionage campaign attributed to an actor named Storm-2949. The attack, without malware or traditional off-site tools, has transformed within a few days a single Microsoft Entra ID identity compromised by social engineering into a complete compromise of a target organization's cloud pile (Microsoft 365, Azure [...] The post Storm-2949, the chain of attack without malware exp…

Read Full Article
Cyber Security NewsCyber Security News

Hackers Abuse Microsoft Entra ID Accounts to Exfiltrate Microsoft 365 and Azure Data

A threat actor known as Storm-2949 has launched a sophisticated, multi-layered cloud attack campaign targeting Microsoft Entra ID accounts to steal sensitive data from Microsoft 365 and Azure environments. The campaign was recently uncovered and has raised serious concerns about how modern attackers can abuse legitimate cloud features to carry out large-scale data theft across organizations. What makes this attack stand out is that it did not re…

Read Full Article
The Cyber ExpressThe Cyber Express

Microsoft Exposes Storm-2949 Azure And M365 Breach

Microsoft Threat Intelligence has disclosed details of a cyberattack carried out by a threat actor tracked as Storm-2949, which escalated from a targeted identity compromise into a large-scale breach of cloud infrastructure and sensitive enterprise systems. The campaign focused heavily on data theft from Microsoft 365 services, Azure-hosted production environments, and cloud storage resources, demonstrating how compromised identities can become …

Read Full Article
Malware Analysis, News and IndicatorsMalware Analysis, News and Indicators

How Storm-2949 turned a compromised identity into a cloud-wide breach

In this article Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor. Enroll Now and Save 10%: Coupon Code MWNEWS10 Note: Affilia…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

Malware Analysis, News and Indicators broke the news on Tuesday, May 19, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Microsoft icon

Microsoft

Cyberattacks icon

Cyberattacks

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal