Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Microsoft tightens cloud login process to prevent common attack

By CIO Dive by By CIO Dive
November 26, 2025
Home Enterprise IT
Share on FacebookShare on Twitter


This audio is auto-generated. Please let us know if you have feedback.

Microsoft is tightening its cloud platform’s login system to make it harder for hackers to hijack users’ accounts.

Beginning next October, Microsoft’s Entra ID cloud identity management platform will block scripts from running during the login process unless they originate from “trusted Microsoft domains,” the company said on Monday.

“This is a proactive measure that further shields your users against current security risks, such as cross-site scripting (XSS), where attackers can insert malicious code into websites,” Ankur Patel, an Entra ID product manager, wrote in a blog post.

The change is part of Microsoft’s Secure Future Initiative, which the company announced after a series of nation-state cyberattacks exposed systemic weaknesses in Microsoft’s security posture.

Microsoft said it would enforce the script restrictions through a modification to the Content Security Policy browser security header, a piece of code that tells web browsers how to handle content securely.

The update will not apply to Entra External ID, which handles authentication in applications other than web browsers.

Microsoft encouraged organizations to test their sign-in processes ahead of the change “to ensure a smooth rollout.”

Persistent flaw

Software developers have understood the risks of cross-site scripting attacks for decades, but these attacks remain a powerful tool for hackers because the underlying vulnerabilities remain widespread — even in modern applications developed with the latest tools.

“At Microsoft, we still receive a steady stream of XSS reports across our services, from legacy portals to newly deployed single-page apps,” the company said in a September blog post. The Microsoft Security Response Center mitigated nearly 1,000 XSS vulnerabilities between January 2024 and mid-2025, according to the post.

“Despite advancements in browser security, content security policies (CSP), and secure-by-default libraries,” Microsoft said, “XSS remains a persistent threat vector with real-world consequences.”



Source link

By CIO Dive

By CIO Dive

Next Post
Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

Recommended.

ConnectWise CEO: MSP Market To See ‘Double-Digit’ Growth Over Next Five Years

ConnectWise CEO: MSP Market To See ‘Double-Digit’ Growth Over Next Five Years

March 10, 2025
Granite’s Charlie Pagliazzo Recognized as 2025 CRN® Channel Chief

Granite’s Charlie Pagliazzo Recognized as 2025 CRN® Channel Chief

February 3, 2025

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio