Thank you Jeff, for solving the mystery of why people interested in making toys no longer visit my website. It was a puzzle why, recently, traffic fell to zero - since my website had always been a helpful resource to answer questions about toy making. The interested individuals

Check this out if you wanna read the most wild story of arguably the single most impactful security issue I’ve seen on Entra for the past 5 years. It’s a good thing Dirk-jan is a good guy cause this is like 11/10 on criticality 😂

@gabsmashh This is such AI written slop. After reading the original report I'm pretty sure this is a specific tenant misconfig and not something generic

Also if someone does know of/or has any legitimate uses of this feature I'd be keen on hearing some unironically since I kinda struggle to think of ones.

Dropped a follow up blog for the talk I did at fwd:cloudsec earlier in the year. Hopefully this makes it easier for people to follow at their own pace about the SharePoint pre-authentication "feature"/issue and orgs can decide to turn it off or not

If anybody is interested in Azure DevOps and how attackers might go about abusing OIDC connections used in pipelines then check out my colleague’s latest blog! https://t.co/frWo1pad8y

Last talk shout out for @nojonesuk and @_Skybound who talked about how to build a new AWS environment. By consultants for consultants and without any extra external consultants! Worth a check out if you’re interested in some of the challenges we faced https://t.co/bhEipxBGAA

Check out @Thomasbyrne__ ‘s talk as well if you wanna see some more usage of RoadRecon with Microsoft Graph! https://t.co/Qaj5DCV6N2

My talk was published mega quickly as its own video by @fwdcloudsec (thanks btw!) So feel free to check it out if you wanna learn some fun SharePoint research outcomes and learn about a “pre-signed url” equivalent method of accessing SharePoint files! https://t.co/YGQxSjPJO0

It’s a packed house over at @_sigil talk on Azure Service Principals, a history on backdooring them, and more!

Check out @_sigil 's talk on Entra 1st-party service principal abuse currently airing at fwd:cloudsec https://t.co/JgTzhf1QfY Deffo a good watch in the current livestream or when the individual talk video drops later on in the channel

Heya got a talk happening later today https://t.co/7DCXq1x0BE where I’m gonna talk about some interesting SharePoint findings! Last one will be particularly interesting to folk 👀 Should be at this live stream

This incredible duo of Leonidas Tsaousis (@laripping) & James Henderson are taking the stage at Offensive X to talk about ‘’ There and Back Again: An Attacker's Tale of DCs in AWS’’ #OffensiveX2025 #CyberSecurity #AWS #RedTeam #CloudSecurity #InfoSec #Hacking

Great presentation & next level memes by @LAripping and James Henderson! @TheOffensiveX

Hey @NathanMcNulty gathering some data and wanted to get your thoughts. On the topic of exclusions, what are the best approaches for Conditional Access in Entra and exclusions for endpoints in MDE in the context of a large enterprise? CA policies I'm a fan of Restricted AU sec

An in-depth look at the recently published EchoLeak vulnerability on M365 Copilot by @Aim_Security_ that could lead to data exfiltration just by sending an email to a user who uses Microsoft Office365 Copilot. https://t.co/yuLaBbNUYF

I love how when I'm testing CA policies I can just google around a bit and find @NathanMcNulty 's detailed guides around some of the issues😂 P.S Also pro-tip for people playing with attributes remember that there is an Attribute assignment AND definition adm role

I did a thing. Thanks @CloudSecPod for having me!

This is truly amazing. The Deputy White House Press Secretary is claiming that I'm wrong, and that the "tariff rates" on Trump's chart were calculated by "literally" measuring every country's tariffs and non-tariff trade barriers. To prove it, he screenshots the formula the USTR