Vulnerabilities that have existed for years in WS-Trust could be exploited to attack other services such as Azure and Visual Studio. Researchers at Proofpoint said they tested a number of IDP solutions, discovered those that were susceptible, and mitigated the issues. MFA is becoming a must-have security layer to protect cloud environments, researchers said. Microsoft 365 also recently faced another phishing attack this week using a new technique to make use of authentication APIs to validate victims credentials.
Source: https://threatpost.com/flaws-in-microsoft-365s-mfa-access-cloud-apps/159240/