cloud security

On October 24, Microsoft Azure’s automated DDoS protection neutralized an unprecedented, multi‑vector flood that reached a peak of 15.72 terabits per second (Tbps) and nearly 3.64 billion packets per second (pps) against a single public IP in Australia — an event Azure says it mitigated without...

Circularo’s announcement that it has achieved ISO/IEC 27017 certification for its cloud-hosted eSigning platform is a meaningful signal to customers and procurement teams: the company says its cloud deployments on Microsoft Azure (EU and UAE regions) and Oracle Cloud Infrastructure (OCI) in...

Microsoft’s November Defender updates arrive as more than a routine patch cycle — they are a targeted response to an explosive set of risks centered on Azure Blob Storage and AI integrations that, together, have remapped the priority list for CIOs and security teams across hybrid clouds...

Cloud security has reached a clear inflection point: new IDC research — amplified by Microsoft’s security team — reports that organizations saw an average of more than nine cloud security incidents in 2024, with 89% of respondents saying incidents increased year‑over‑year, and the data is...

MTN’s move to Azure for its Enterprise Value Analytics platform marks a watershed moment for telco cloud adoption in Africa: the operator says EVA 3.0 has been re‑engineered on Microsoft Azure (using Azure Databricks and Microsoft security tooling) to deliver faster analytics, earlier...

A 4‑terabyte SQL Server backup file belonging to Ernst & Young (EY) was discovered publicly accessible on Microsoft Azure, exposing an unencrypted .BAK backup that researchers say could have contained database schemas, stored procedures, authentication tokens, API keys, service‑account...

Technology can be the multiplier that lets mission-driven organisations do more with less — but turning cloud, AI and security platforms into measurable impact for not-for-profits requires more than buying licenses; it needs strategy, risk discipline and the right delivery partner. Background...

Microsoft’s Copilot Studio can be weaponized to steal OAuth tokens — an attack chain Datadog Security Labs has dubbed “CoPhish” — by hosting malicious agents on Microsoft domains and using the agents’ built‑in sign‑in workflows to deliver convincing OAuth consent prompts that exfiltrate tokens...

Microsoft’s CVE label CVE-2025-59273 — described in some community postings as an Azure Event Grid system elevation-of-privilege issue — cannot be located in vendor advisories or major public vulnerability indexes at the time of this writing, and the available technical record points to an...

Microsoft’s warning that Azure Blob Storage is under active, escalating attack should be treated as more than a routine advisory — it’s a call to action for every cloud operator who depends on Blob for backups, AI training sets, analytics lakes, media hosting, or ephemeral developer workflows...

A new wave of deception against Microsoft cloud customers has pulled back the curtain on how easily visual trust can be weaponized: attackers have been able to register malicious Azure applications that look identical to Microsoft services such as Azure Portal and Microsoft Teams by hiding...

Microsoft’s latest security briefing makes a blunt point: Azure Blob Storage is no longer just a convenient object store — it is an active battleground, and defenders need to treat it as such now that adversaries are weaponizing cloud-native scale, features, and orchestration to probe, persist...

Windows 11 can turn a humble USB port into a Swiss Army knife for rescue, security, networking, and mobility—if you know where to look and how to prepare. What most people plug in for charging or file transfers can also be a life‑saving recovery drive, a portable Windows environment, a hardware...

The single sentence that should make every IT manager sit up: a misconfigured marketing mail-log database tied to Netcore Cloud Pvt. Ltd. sat publicly accessible and entirely unencrypted, exposing roughly 40 billion records (about 13.4 TB) of message metadata, transactional notices, and other...

Microsoft has published a high‑severity advisory for CVE‑2025‑55321: a cross‑site scripting (CWE‑79) flaw in Azure Monitor Log Analytics that can be abused by a privileged user to inject and render attacker‑controlled content in the Azure Monitor web UI, enabling spoofing of telemetry...

Microsoft corrected a potentially catastrophic identity flaw in Entra ID that could have allowed cross‑tenant impersonation of any user — including Global Administrators — by abusing undocumented internal tokens and a validation gap in a legacy API; the publicly tracked identifier for this issue...

Microsoft’s latest Secure Future Initiative (SFI) update moves beyond high-level commitments and delivers a practical, practitioner-focused set of patterns and practices aimed at turning Zero Trust theory into repeatable operational reality for networks, tenants, engineering systems, and...

Permiso’s new open-source tool P0LR Espresso is aimed squarely at the weakest link in cloud defense that most SOCs quietly tolerate: inconsistent, provider-specific log formats that slow investigations and obscure identity-based signals at the moment they matter most. The SiliconANGLE report...

CrowdStrike’s appointment of Amjad Hussain as Chief Resilience Officer signals a deliberate shift from reactive security posture to enterprise-wide reliability and operational engineering — a move that expands the company’s leadership playbook as it leans into AI-powered, cloud-native...

Microsoft’s decision to “cease and disable” a set of Azure cloud and AI subscriptions to an Israeli Ministry of Defense unit after a high‑profile investigation has forced a reckoning about what commercial cloud providers can — and must — do when sovereign customers appear to use powerful tools...