Skip to content
Threat Feed

Tag

Graphapi

4 briefs RSS
critical threat

Azure AD Privileged Graph API Permission Assignment

Detection of high-risk Graph API permission assignments (Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All, and RoleManagement.ReadWrite.Directory) in Azure AD, potentially leading to unauthorized modifications and security breaches.

Azure Active Directory NOBELIUM Group azuread cloud graphapi privilegeescalation persistence
2r 1t
medium advisory

Microsoft Graph API Email Access by Unusual Client and User

Detects anomalous access to email resources via Microsoft Graph API, potentially indicating a compromised OAuth refresh token or Primary Refresh Token (PRT) being used by an attacker.

Microsoft 365 +1 azure graphapi email oauth credentialtheft
2r 1t
medium advisory

Unusual Microsoft Graph Email Access via OAuth Application

An adversary might use a phished OAuth refresh token or Primary Refresh Token (PRT) with a first-party application to access email resources via Microsoft Graph API, particularly focusing on unusual application and user combinations.

Microsoft Graph API +2 azure graphapi oauth email
2r 2t
low advisory

Microsoft Graph API Request User Impersonation by Unusual Client

Detection of the first-time use of a Microsoft Graph API request by a specific client application ID, user principal object ID, and tenant ID, potentially indicating unauthorized access via phishing, token theft, or OAuth abuse.

Microsoft Graph API +1 cloud azure graphapi initial_access
2r 2t