cloud security

Linux 6.19 has landed, and with Linus Torvalds’ customary blend of dry humour and blunt practicality he’s already declared the next kernel cycle will be called Linux 7.0 — a naming change driven by bookkeeping fatigue rather than any single, sweeping technical break. The 6.19 release itself is a...

Wall Street turned sharply active in early February 2026, with analysts rotating through five very different stories — Enphase Energy, Cloudflare, Merck & Co., Microsoft, and fuboTV — issuing upgrades, downgrades and much‑debated price targets that together illuminate how investors are...

Microsoft has assigned CVE‑2026‑21532 to an information‑disclosure vulnerability that affects Azure Functions; the entry in Microsoft’s Security Update Guide confirms the vulnerability exists but — at the time of publication — supplies only a high‑level classification and a vendor confidence...

Microsoft’s public signals show an Azure Front Door elevation‑of‑privilege entry in the vendor’s Security Update Guide, but the public record is intentionally terse and the exact exploit mechanics remain opaque — forcing defenders to make policy and operational decisions with incomplete...

Microsoft’s decision to end support for TLS 1.0 and 1.1 on Azure Blob Storage has moved from warning to reality: as of February 3, 2026, Azure Storage public HTTPS endpoints now require TLS 1.2 or later, and any client negotiating TLS 1.0 or 1.1 will be rejected. Background Microsoft first...

Enterprise-targeted phishing has migrated from dodgy domains and cheap VPSes to the same cloud platforms that companies trust to run their businesses—Microsoft Azure, Google Firebase, AWS and Cloudflare—and that shift is changing how SOCs detect, investigate, and stop credential theft and MFA...

Dragos’s expanded collaboration with Microsoft marks a significant step toward bringing purpose-built operational technology (OT) security into mainstream enterprise cloud and security operations: the Dragos Platform will run on Microsoft Azure, push OT-specific telemetry and asset context into...

Microsoft has implemented a platform-wide cutoff for legacy Transport Layer Security (TLS) on Azure Blob Storage: as of February 3, 2026, Azure Storage public HTTPS endpoints will reject TLS 1.0 and TLS 1.1 handshakes, and TLS 1.2 is the enforced minimum. Background Microsoft’s decision to...

Sennheiser’s DeviceHub arrives as a practical answer to a stubborn operational problem in modern AV deployments: how to manage, monitor and secure large fleets of microphone arrays, video bars and room systems without sending engineers to every room. Announced publicly in early February 2026 and...

Azure Storage will stop accepting TLS 1.0 and TLS 1.1 connections on February 3, 2026, making TLS 1.2 the new minimum across blob, file, queue and table endpoints — a platform-wide enforcement that will break any client still negotiating the deprecated protocols. Background / Overview Microsoft...

On February 3, 2026, Microsoft enforced a platform-wide cutoff for legacy Transport Layer Security (TLS) on Azure Blob Storage: TLS 1.0 and TLS 1.1 are no longer accepted and TLS 1.2 is now the minimum required protocol for all Azure Storage public HTTPS endpoints. The cutoff applies globally to...

Microsoft has formally enforced the removal of TLS 1.0 and TLS 1.1 for Azure Blob Storage effective February 3, 2026; from this date onward Azure Storage public HTTPS endpoints will accept only TLS 1.2 or newer and any client attempting to negotiate TLS 1.0/1.1 will see connections fail. This is...

Broadcom’s security team has flagged a focused tech-support scam campaign that weaponizes Microsoft Azure’s static website endpoints—those familiar web.core.windows.net addresses—to host convincing “Windows Defender / Microsoft Security” scare pages aimed primarily at Japanese recipients, and...

Google-owned Mandiant has sounded a clear alarm: financially motivated extortion groups, including those associated with the ShinyHunters brand, are running coordinated vishing campaigns that pair real-time voice social engineering with highly convincing credential‑harvesting pages to compromise...

Microsoft has confirmed that, when it possesses a BitLocker recovery key tied to a customer’s account and receives valid legal process, it will produce that key to law enforcement — a revelation that sharply reframes how effectively BitLocker protects disk contents in practice and forces every...

CVE-2026-21227 — Azure Logic Apps path traversal (Elevation of Privilege): what you need to know, how it works, and how to defend (feature analysis) Summary (TL;DR) Microsoft’s Security Update Guide lists CVE-2026-21227: an Azure Logic Apps vulnerability described as an improper limitation of a...

Microsoft’s advisory for CVE-2026-24304 identifies an elevation-of-privilege vulnerability in Azure Resource Manager that carries outsized operational risk because of the component’s role in the Azure management plane, but public technical detail is intentionally limited and the vendor’s...

Microsoft’s security catalog now records CVE-2026-24306, an elevation-of-privilege vulnerability affecting Azure Front Door, and the public record at the time of publication is intentionally sparse: Microsoft’s advisory entry is available but rendered through a JavaScript-driven portal (so...

AI assistants wired to external tools and data are rapidly reshaping how organizations automate work — and recent disclosures show those same integrations can become high‑leverage attack rails when MCP servers are left unsecured. Background: what is an MCP server and why it matters A Model...

Microsoft's cloud productivity stack experienced a disruption on January 21, 2026, with Microsoft 365 and Microsoft Teams reporting widespread problems early in the U.S. workday and recovery messages appearing within a few hours as Microsoft traced the impact to a third‑party networking...