You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
endpoint compromise
About this tag
The endpoint compromise tag on WindowsForum.com covers discussions about security vulnerabilities and attack techniques that target endpoints running Microsoft software. Recent threads highlight risks such as Microsoft Edge storing decrypted passwords in plaintext memory, which can be exploited after an endpoint is breached, and a new cloud attack method that steals Microsoft Entra refresh tokens from compromised endpoints to bypass multi-factor authentication. These topics emphasize the importance of endpoint security, patching, and understanding how attackers leverage legitimate system behaviors to escalate access. The tag is relevant for IT professionals and security researchers focused on Windows and Microsoft ecosystem threats.
Microsoft Edge is reportedly decrypting saved passwords at browser startup and keeping them in plaintext process memory during the session, a behavior publicized on May 4, 2026, by security researcher Tom Jøran Sønstebyseter Rønning and subsequently confirmed as expected behavior by Microsoft...
A new development in the realm of cloud security threats has emerged, offering threat actors a novel way to obtain Microsoft Entra (formerly Azure Active Directory) refresh tokens from compromised endpoints, potentially bypassing even robust multi-factor authentication (MFA) mechanisms. This...