A severe security flaw, dubbed nOAuth, has been identified in certain software-as-a-service (SaaS) applications integrated with Microsoft Entra ID, potentially allowing attackers to achieve full account takeover across tenant boundaries. Research conducted by Semperis, disclosed on June 26, 2025, revealed that 9 out of 104 tested applications approximately 9% within the Microsoft Entra App Gallery […]

The post nOAuth Exploit Enables Full Account Takeover of Entra Cross-Tenant SaaS Applications appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Source: gbHackers
Source Link: https://gbhackers.com/noauth-exploit-enables-full-account-takeover/