A string of bugs when chained together created the perfect attack to gain access to someone’s Microsoft account — simply by tricking a user into clicking a link. Sahad Nk, an India-based bug hunter, discovered that a Microsoft subdomain, “success.office.com,” had not been properly configured, allowing him to take it over. He used a CNAME […]...