‘Cookie Bite’ Entra ID Attack Exposes Microsoft 365

A proof-of-concept (PoC) attack vector exploits two Azure authentication tokens from within a browser, giving threat actors persistent access to key cloud services, including Microsoft 365 applications.