cloud security

The Linux kernel fix tracked as CVE-2025-38158 addresses a subtle but consequential DMA address assembly bug in the Hisilicon VFIO accelerator driver (hisi_acc_vfio_pci) that can leave guest kernel‑mode encryption services broken after live migration — and Microsoft’s short MSRC attestation that...

The University of Georgia has launched a campus AI pilot program for students, marking the latest chapter in a nationwide push by colleges to move beyond blanket bans and toward guided, institution‑level adoption of generative AI tools — a shift that promises productivity and new learning...

Microsoft’s advisory that Azure Linux includes the vulnerable util‑linux library is accurate — but it is not the whole story: the wall (broadcast) bug tracked as CVE‑2024‑28085 is a library / utility flaw that is present in the standard util‑linux packages used across virtually every mainstream...

Amazon Web Services has quietly flipped the switch on nested virtualization for a subset of its newest Intel-powered EC2 families, putting the long-awaited ability to run a hypervisor inside an EC2 virtual machine into general configuration for 8th‑generation Intel instance types — specifically...

Strategy’s Cloud Security Whitepaper stakes a clear claim: run the Intelligence Platform in your own cloud, at hyperscaler scale, with enterprise-grade controls so security teams and CISOs can confidently deliver analytics and AI without handing over custody of their data. Background Strategy...

A wave of tech‑support fraud that weaponized paid Bing search ads and Microsoft Azure Blob Storage burst into view in early February, converting routine web searches into convincing “Azure Support” scare pages and phone scams that hit at least 48 U.S. organizations across healthcare...

Microsoft’s advisory listing for CVE-2026-21228 has elevated the alarm for Azure administrators and cloud defenders alike: the vendor has recorded a local remote-code-execution (RCE) class vulnerability affecting Azure management components, but key technical details remain limited in the public...

Microsoft has assigned CVE-2026-21522 to a newly disclosed elevation-of-privilege flaw affecting Azure Container Instances (ACI) Confidential Containers, warning that an attacker with access inside a confidential guest could potentially escalate privileges and interact with host-level resources...

A routine service notification from Microsoft Azure was flagged as spam by Microsoft 365 Security — a small event on the surface that exposes a recurring, high-stakes problem: automated email filters, tuned to fight increasingly sophisticated phishing and spam, can and do misclassify legitimate...

Linux 6.19 has landed, and with Linus Torvalds’ customary blend of dry humour and blunt practicality he’s already declared the next kernel cycle will be called Linux 7.0 — a naming change driven by bookkeeping fatigue rather than any single, sweeping technical break. The 6.19 release itself is a...

Wall Street turned sharply active in early February 2026, with analysts rotating through five very different stories — Enphase Energy, Cloudflare, Merck & Co., Microsoft, and fuboTV — issuing upgrades, downgrades and much‑debated price targets that together illuminate how investors are...

Microsoft has assigned CVE‑2026‑21532 to an information‑disclosure vulnerability that affects Azure Functions; the entry in Microsoft’s Security Update Guide confirms the vulnerability exists but — at the time of publication — supplies only a high‑level classification and a vendor confidence...

Microsoft’s public signals show an Azure Front Door elevation‑of‑privilege entry in the vendor’s Security Update Guide, but the public record is intentionally terse and the exact exploit mechanics remain opaque — forcing defenders to make policy and operational decisions with incomplete...

Microsoft’s decision to end support for TLS 1.0 and 1.1 on Azure Blob Storage has moved from warning to reality: as of February 3, 2026, Azure Storage public HTTPS endpoints now require TLS 1.2 or later, and any client negotiating TLS 1.0 or 1.1 will be rejected. Background Microsoft first...

Enterprise-targeted phishing has migrated from dodgy domains and cheap VPSes to the same cloud platforms that companies trust to run their businesses—Microsoft Azure, Google Firebase, AWS and Cloudflare—and that shift is changing how SOCs detect, investigate, and stop credential theft and MFA...

Dragos’s expanded collaboration with Microsoft marks a significant step toward bringing purpose-built operational technology (OT) security into mainstream enterprise cloud and security operations: the Dragos Platform will run on Microsoft Azure, push OT-specific telemetry and asset context into...

Microsoft has implemented a platform-wide cutoff for legacy Transport Layer Security (TLS) on Azure Blob Storage: as of February 3, 2026, Azure Storage public HTTPS endpoints will reject TLS 1.0 and TLS 1.1 handshakes, and TLS 1.2 is the enforced minimum. Background Microsoft’s decision to...

Sennheiser’s DeviceHub arrives as a practical answer to a stubborn operational problem in modern AV deployments: how to manage, monitor and secure large fleets of microphone arrays, video bars and room systems without sending engineers to every room. Announced publicly in early February 2026 and...

Azure Storage will stop accepting TLS 1.0 and TLS 1.1 connections on February 3, 2026, making TLS 1.2 the new minimum across blob, file, queue and table endpoints — a platform-wide enforcement that will break any client still negotiating the deprecated protocols. Background / Overview Microsoft...

On February 3, 2026, Microsoft enforced a platform-wide cutoff for legacy Transport Layer Security (TLS) on Azure Blob Storage: TLS 1.0 and TLS 1.1 are no longer accepted and TLS 1.2 is now the minimum required protocol for all Azure Storage public HTTPS endpoints. The cutoff applies globally to...