cloud security

Microsoft's announcement that Azure will protect data not only at rest and in transit but while it’s being processed marks a significant shift in cloud security: Azure Confidential Compute places sensitive data inside Trusted Execution Environments (TEEs) so that even plaintext values inside...

Businesses moving to Microsoft Azure are increasingly doing it with a partner at their side: a new NetEnrich survey shows most organizations are “very likely” to hire a managed services provider to migrate to or manage Azure, and they point to security, backups and disaster recovery as the...

OMV’s security team says moving its core SOC to Microsoft Sentinel cut incident resolution time in half while unifying disparate telemetry under Microsoft Defender XDR—and the deployment reads like a textbook example of modern SOC consolidation: cloud-native SIEM, customer-managed encryption...

EssFeed’s “Top 10 Insider Threat Detection Tools in the World — 2025” is a useful primer that names ten widely deployed solutions — Varonis, ObserveIT (Proofpoint), Microsoft Sentinel, Splunk Enterprise Security, Sumo Logic, Forcepoint Insider Threat Detection, CyberArk, Teramind, Digital...

Astra’s new Cloud Vulnerability Scanner arrives as a direct answer to one of cloud security’s most persistent headaches: overwhelming misconfiguration noise and the disconnect between detected issues and real-world exploitability. The product promises continuous, agentless posture monitoring...

Astra’s new Cloud Vulnerability Scanner promises to turn noisy cloud posture data into actionable, validated risk by combining continuous, agentless discovery with an “offensive‑grade” validation engine that attempts exploit paths and confirms whether reported misconfigurations and weaknesses...

Google’s proposed purchase of cloud-security vendor Wiz has triggered a fresh wave of industry pushback in Europe, with the Cloud Infrastructure Service Providers in Europe (CISPE) warning regulators that the deal could produce a “multiplier effect” that locks customers into a single...

Google’s planned acquisition of cloud‑security specialist Wiz has set off a fresh round of European regulatory and industry pushback, with cloud trade body CISPE warning Brussels that the takeover could create a “multiplier effect” that locks customers into bundled cloud suites and gives Google...

Microsoft’s latest push folds deeper AI into enterprise defenses: a cloud-native SIEM rebranded as Microsoft Sentinel and a human-plus-AI advisory service called Microsoft Threat Experts that together promise faster detection, more automated SecOps, and 24/7 access to Microsoft’s security...

Microsoft’s short FAQ answer — that “Azure Linux includes this open‑source library and is therefore potentially affected” — is accurate as a product‑level attestation, but it does not mean Azure Linux is the only Microsoft product that could include the vulnerable code. Microsoft’s published...

The U.S. cybersecurity community has been handed a timely, focused draft to review: the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) jointly released an initial public draft of Interagency Report (IR) 8597, titled...

Operational readiness for Windows Server 2019 on AWS EC2 is no longer optional — it’s the difference between a resilient, secure production service and a recurring operations crisis that drains budget and trust. This feature presents a practical, prioritized operational readiness checklist for...

Microsoft’s Security Response Center has recorded CVE‑2025‑64675 as a spoofing vulnerability affecting Azure Cosmos DB, but the public technical detail is deliberately sparse and important aspects — exploitability, root cause, and a public proof‑of‑concept — remain unconfirmed, leaving defenders...

Microsoft’s Partner Center has again been flagged for an improper authorization flaw that can allow an attacker to escalate privileges across a networked environment — an advisory for CVE-2025-65041 was posted to Microsoft’s Security Update Guide, but public technical detail is sparse and the...

Windows Server 2025 arriving on Amazon EC2 changes the calculus for many enterprises that still run heavy Windows workloads: the OS brings cloud-first security and performance features, and AWS provides ready-to-launch AMIs and integration points so organizations can move faster without...

Microsoft has quietly rewritten the rules of engagement for vulnerability research: starting now, any critical flaw that demonstrably impacts Microsoft’s online services is eligible for a bounty — even if the vulnerable code lives in third‑party software or open‑source libraries, and even if no...

Maharashtra’s police force has taken a dramatic step into AI-first policing with the unveiling of MahaCrimeOS AI, an Azure- and OpenAI-powered investigative platform developed by CyberEye in partnership with the state’s MARVEL special-purpose vehicle and Microsoft India Development Center; the...

Easy Dynamics’ announcement that it has earned the Microsoft Azure Solutions Partner Designation in Security closes a year of rapid partner progress for the McLean, Virginia firm and signals an important capability shift for organizations that rely on Microsoft Azure for mission-critical...

Microsoft’s brief product attestation for CVE-2025-38064 names Azure Linux as a known carrier of the vulnerable virtio code path, but that attestation is a scoped inventory statement — not a categorical guarantee that no other Microsoft product can or does include the same open‑source component...

Microsoft’s short answer — that Azure Linux “includes this open‑source library and is therefore potentially affected” — is accurate as a product‑level attestation, but it is not a proof that Azure Linux is the only Microsoft product that could carry the vulnerable component. Microsoft has...