{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Talkin' Bout [Infosec] News","title":"Dirk-Jan Mollema Walks Us Through the Entra ID Cross-Tenant Vulnerability Discovery– 2025-09-22","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/c77a6ea4\"></iframe>","width":"100%","height":180,"duration":3619,"description":"Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — Unnatural European Fridges03:34 - The Entra ID Cross-Tenant Vulnerability Discovery – BHIS - Talkin’ Bout [infosec] News 2025-09-2204:14 - Story # 1: One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens21:32 - Story # 2: Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages40:50 - OSSPREY – NPM Package @Ctrl/Tinycolor Compromised: Shai Hulud Malware Targets Secrets and Persistence51:41 - Story # 3: Verified Steam game steals streamer’s cancer treatment donations57:16 - Story # 4: Heathrow warns of second day of disruption after cyber-attack","thumbnail_url":"https://img.transistorcdn.com/WPYM9pq_SRUcywHv9tdgpsGLyLx04W2rDmzktvAcD4Y/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8xZTA1/ZWZhNDcxZGM4ZTFj/ZGJhMTMwNmYzMmJj/ZjBkNi5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}