Microsoft 365 and Entra ID are the primary exploitation surface in CrowdStrike’s 2026 Financial Services Threat Landscape Report, specifically targeted by China-nexus group MURKY PANDA via compromised third-party trusted-relationship access. No software CVE is involved; the exposure is architectural: over-permissioned vendor and partner accounts with mailbox-level access in M365 tenants that operate without adequate OAuth grant controls or behavioral monitoring. Financial-sector organizations running M365 are the primary at-risk population, but the technique applies to any enterprise with delegated partner or MSP access to Entra ID.
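One way to review the OAuth grant exposure described above, as an added example that is not taken from the CrowdStrike report: the Python below ranks delegated grants that carry mailbox scopes by whether the app's publisher is outside the home tenant and whether consent is tenant-wide. It assumes records shaped like Microsoft Graph's `oauth2PermissionGrant` and `servicePrincipal` resources; the tenant IDs, app names, scope list and severity rule are constructed for illustration.

```python
# Added example. Field names follow Microsoft Graph's oauth2PermissionGrant and
# servicePrincipal resources; all IDs and display names are constructed samples.
HOME_TENANT = "00000000-0000-0000-0000-00000000aaaa"  # constructed tenant ID
# Delegated scopes that give mailbox-level access (illustrative, not exhaustive).
MAILBOX_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "Mail.Read.Shared",
    "Mail.ReadWrite.Shared", "MailboxSettings.ReadWrite", "EWS.AccessAsUser.All",
}

SERVICE_PRINCIPALS = [  # constructed
    {"id": "sp-1", "displayName": "Vendor Helpdesk Sync",
     "appOwnerOrganizationId": "00000000-0000-0000-0000-00000000bbbb"},
    {"id": "sp-2", "displayName": "Internal HR Portal",
     "appOwnerOrganizationId": HOME_TENANT},
    {"id": "sp-3", "displayName": "MSP Backup Agent",
     "appOwnerOrganizationId": "00000000-0000-0000-0000-00000000cccc"},
]

GRANTS = [  # constructed
    {"clientId": "sp-1", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Mail.ReadWrite Mail.Send"},
    {"clientId": "sp-2", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Mail.Read"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-42",
     "scope": "Mail.Read offline_access"},
    {"clientId": "sp-3", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Files.Read.All"},
]

def audit_grants(grants, service_principals, home_tenant):
    """Return mailbox-scope grants, ranked by publisher tenant and consent breadth."""
    sp_by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        mail = sorted(set((g.get("scope") or "").split()) & MAILBOX_SCOPES)
        if not mail:
            continue
        sp = sp_by_id.get(g["clientId"], {})
        # An app with no matching service principal is treated as external.
        external = sp.get("appOwnerOrganizationId") != home_tenant
        tenant_wide = g.get("consentType") == "AllPrincipals"  # consent covers all users
        severity = ("high" if external and tenant_wide
                    else "medium" if external or tenant_wide else "low")
        findings.append({"app": sp.get("displayName", g["clientId"]), "scopes": mail,
                         "external": external, "tenant_wide": tenant_wide,
                         "severity": severity})
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f["severity"]])
```

This covers delegated grants only; application (app-only) permissions are recorded as app role assignments on the service principal and need a separate pass.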