Microsoft Warns Hackers Exploit Password Resets to Access User Accounts – Here’s How to Stay Safe
Microsoft researchers warn that Storm-2949 is abusing the self-service password reset process to hijack accounts Attackers trick victims into accepting MFA prompts via phone calls, then reset passwords and exfiltrate sensitive data The campaign targets Microsoft 365 and Azure environments, where Microsoft is calling for tighter RBAC controls and monitoring of high-risk operations A hacker […]









