ThreatNoir Morning Brief — April 27
Morning Review in IT Security — April 27, 2026
Today's security landscape reflects ongoing vulnerabilities in cloud infrastructure, third-party platforms, and emerging criminal services targeting both private sector and government entities. Four significant incidents have emerged overnight, spanning privilege escalation flaws, major data breaches, and the proliferation of illegal services on darknet forums.
Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation
A critical vulnerability in Microsoft Entra has been identified and patched, exposing organizations to tenant takeover through privilege escalation mechanisms. The flaw, centered on Agent ID mishandling, allowed threat actors to abuse Service Principal accounts, potentially granting unauthorized access to entire cloud tenants. Microsoft has confirmed the patch is now fully deployed. Source: Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation
ADT and Udemy Salesforce Data Dumped by ShinyHunters
A significant data breach has exposed customer information from both ADT and Udemy through compromised Salesforce instances. The threat actor group ShinyHunters has publicly dumped the stolen datasets, raising serious concerns about third-party platform security and the supply chain risks inherent in cloud-based customer relationship management systems. Source: ‼️🇺🇸 ADT and Udemy Salesforce data dumped by "ShinyHunters"
Get Covered Renters Insurance Platform Breach Exposes 1M+ Customer Records
Get Covered, a United States-based renters insurance platform, has suffered a major data breach affecting over one million customer and policy records. The threat actor operating under the alias "sexybroker" is offering the stolen dataset for sale on a popular cybercrime forum at a price of $1,000, with the sale restricted to a single buyer. The breach represents a significant privacy incident affecting sensitive insurance and personal information. Source: ‼️🇺🇸 Get Covered, a U.S.-based renters insurance platform, has allegedly been breached, with ov...
Criminal Services Exploit Government Email Access and Legal Process Abuse
Threat actors are now openly advertising illegal services on darknet forums that facilitate unauthorized access to government and police email systems. These services extend to forging critical legal documents including court orders, subpoenas, and Mutual Legal Assistance Treaty documents, alongside Emergency Data Request capabilities across major platforms and domain suspension services. This development represents a direct threat to law enforcement operations and government security infrastructure. Source: ‼️ A threat actor is allegedly offering government and police email access for Emergency Data Req...
The convergence of cloud infrastructure vulnerabilities, widespread third-party breaches, and the maturation of criminal service offerings underscores the critical need for enhanced security posture across enterprise platforms, particularly in identity and access management systems and third-party vendor oversight.