Account Lockout
WordPress Motors theme flaw mass-exploited to hijack admin accounts
Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme “Motors” to hijack administrator accounts and gain complete control of a targeted site. The malicious activity was spotted by Wordfence, which had warned last month about the severity of the flaw, tracked under CVE-2025-4322, urging users to upgrade immediately. Motors, developed by StylemixThemes, […]
Microsoft Entra account lockouts caused by user token logging mishap
Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. On Saturday morning, numerous organizations reported that they began receiving Microsoft Entra alerts that accounts had leaked credentials, causing the accounts to be locked out automatically. Impacted customers initially thought the account lockouts […]
Widespread Microsoft Entra lockouts tied to new security feature rollout
Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID’s “leaked credentials” detection app called MACE. These alerts and lockouts began last night, with some admins believing they were false positives as the accounts have unique passwords that are not used on any […]