Microsoft ID Security Gaps That Let Threat Actor Steal Signing Key

China’s Storm-0558 accessed user emails at some 25 enterprise organizations earlier this year using forged tokens.