SECURITYBLEEPING COMPUTER
Microsoft Self-Service Password Reset abused in Azure data theft attacks
A threat actor is targeting Microsoft 365 and Azure production environments, stealing data by abusing legitimate applications and administration features, including Microsoft Self-Service Password Reset. The attacks are leveraging legitimate tools to gain unauthorized access. This has led to data theft in various instances.