api security

For years, Microsoft Azure has stood as one of the core pillars of cloud infrastructure for organizations worldwide, embodying the promise of scalable, secure, and flexible platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) solutions. However, a newly surfaced set of...

A critical vulnerability uncovered in Synology’s Active Backup for Microsoft 365 (ABM) has sparked concern throughout the global IT security community, shedding light on the intertwined risks associated with SaaS backup providers and cloud application supply chains. The flaw, now catalogued as...

DevSecOps marks a profound shift in modern software engineering, moving security to the forefront of development rather than relegating it to a postscript. It’s a philosophy and practice that transforms not just the code, but organizational culture, development velocity, and, ultimately, the...

In a significant development for the telecommunications and cloud computing industries, Microsoft has joined the Aduna initiative, a collaborative venture aimed at standardizing and expanding the use of network Application Programming Interfaces (APIs) globally. This partnership will see the...

In the rapidly evolving landscape of digital infrastructure and network intelligence, a landmark collaboration between Aduna and Microsoft is poised to redefine the reach and impact of network APIs on a global scale. The partnership, confirmed by both organizations, seeks to merge Aduna's...

Password spraying attacks have become one of the most persistent and damaging techniques in the arsenal of modern cybercriminals, as demonstrated by a newly disclosed incident in which over 80,000 Microsoft Entra ID accounts were targeted using legitimate penetration testing tools. According to...

For years, identity and access management (IAM) has been the bedrock of organizational security, providing the crucial control points that prevent unauthorized human access to sensitive resources. Yet, as cloud migration accelerates and automated workloads such as scripts, applications, and AI...

The discovery of a major Domain Name System (DNS) resolution flaw in Microsoft Azure’s OpenAI service, as documented by Unit 42 researchers in late 2024, cast light on a pivotal but often overlooked aspect of cloud security: the profound risk introduced by misconfigurations—even in managed...

The Background Fetch API in Chromium-based browsers has been a focal point for security vulnerabilities, with multiple instances of inappropriate implementations leading to cross-origin data leaks. The most recent of these is identified as CVE-2025-5064, which underscores the ongoing challenges...

In May 2025, a significant security vulnerability, identified as CVE-2025-5065, was discovered in the Chromium project's FileSystemAccess API. This flaw, categorized as an "inappropriate implementation," posed potential risks to users of Chromium-based browsers, including Google Chrome and...

In an era defined by digital integration and omnipresent connectivity, the imperative for robust API management has never been greater. Organizations find themselves navigating a landscape where seamless communication between disparate systems isn't just an advantage—it's a necessity for...

In a newly issued advisory, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has put multinational enterprises and IT professionals on high alert following a series of attacks specifically targeting Commvault’s Microsoft Azure-hosted environment. This warning, published just as...

Azure Managed Identities (MIs) have revolutionized the way applications authenticate to Azure services by eliminating the need for developers to manage credentials directly. This innovation enhances security by reducing the risk of credential leakage. However, recent research has illuminated...

The newly disclosed Microsoft Dataverse Elevation of Privilege Vulnerability, known as CVE-2025-29826, has sent ripples through the cloud computing and enterprise IT landscape. For enterprises that rely on Microsoft Dataverse—the heart of the Power Platform, integrating data for Dynamics 365...

The disclosure of CVE-2025-47732 has set off immediate and widespread concern within the Microsoft enterprise ecosystem, as this newly publicized remote code execution (RCE) vulnerability targets Microsoft Dataverse—a cornerstone platform underlying many Power Platform, Dynamics 365, and...

In the evolving landscape of cloud security threats, vulnerabilities that affect essential storage services warrant swift attention from enterprises and IT professionals. One of the latest and most pressing of these issues is CVE-2025-29972, a Server-Side Request Forgery (SSRF) vulnerability...

The ongoing proliferation of AI-powered SaaS applications and cloud-based agents is transforming how organizations manage data, automate workflows, and collaborate—and with these gains comes a swelling tide of new security concerns. A recent letter published by Pat Opet, Chief Information...

As Microsoft’s AI Incident Detection and Response team traces their way through the rough digital corridors of online forums and anonymous web boards, a new kind of cyber threat marks a stark escalation in the ongoing battle to preserve the integrity and safety of artificial intelligence...

Microsoft’s Bookings tool, a staple in the Microsoft 365 suite for appointment scheduling, has come under scrutiny following the recent disclosure of a critical vulnerability that could allow malicious actors to alter meeting details without proper authorization. This flaw, found within the...

Box has just taken a giant leap forward in secure content management with its recent FedRAMP High Authorization—a certification that not only underlines its commitment to data security but also opens the door for U.S. government agencies and authorized contractors to leverage its innovative...