cloud security

A tidal wave of malicious traffic slammed into Microsoft Azure on October 24, 2025 — a multi‑vector distributed denial‑of‑service assault that peaked at 15.72 terabits per second (Tbps) and approximately 3.64 billion packets per second (pps) — and was automatically detected and mitigated by...

Microsoft’s Azure DDoS Protection absorbed and neutralized an unprecedented cloud‑scale assault on October 24, 2025 that peaked at 15.72 terabits per second (Tbps) and roughly 3.64 billion packets per second (pps), an event Microsoft and independent industry reporting describe as the largest...

On October 24, 2025, Microsoft Azure’s DDoS Protection automatically detected and neutralized a multi‑vector Distributed Denial‑of‑Service (DDoS) attack that peaked at 15.72 terabits per second (Tbps) and approximately 3.64 billion packets per second (pps), an event Microsoft describes as the...

Microsoft says Azure's DDoS protection automatically detected and absorbed an unprecedented cloud-scale flood on October 24 that peaked at 15.72 terabits per second (Tbps) and nearly 3.64 billion packets per second (pps) — an event the company describes as the largest DDoS attack ever observed...

On October 24, Microsoft Azure’s automated DDoS protection neutralized an unprecedented, multi‑vector flood that reached a peak of 15.72 terabits per second (Tbps) and nearly 3.64 billion packets per second (pps) against a single public IP in Australia — an event Azure says it mitigated without...

Circularo’s announcement that it has achieved ISO/IEC 27017 certification for its cloud-hosted eSigning platform is a meaningful signal to customers and procurement teams: the company says its cloud deployments on Microsoft Azure (EU and UAE regions) and Oracle Cloud Infrastructure (OCI) in...

Microsoft’s November Defender updates arrive as more than a routine patch cycle — they are a targeted response to an explosive set of risks centered on Azure Blob Storage and AI integrations that, together, have remapped the priority list for CIOs and security teams across hybrid clouds...

Cloud security has reached a clear inflection point: new IDC research — amplified by Microsoft’s security team — reports that organizations saw an average of more than nine cloud security incidents in 2024, with 89% of respondents saying incidents increased year‑over‑year, and the data is...

MTN’s move to Azure for its Enterprise Value Analytics platform marks a watershed moment for telco cloud adoption in Africa: the operator says EVA 3.0 has been re‑engineered on Microsoft Azure (using Azure Databricks and Microsoft security tooling) to deliver faster analytics, earlier...

A 4‑terabyte SQL Server backup file belonging to Ernst & Young (EY) was discovered publicly accessible on Microsoft Azure, exposing an unencrypted .BAK backup that researchers say could have contained database schemas, stored procedures, authentication tokens, API keys, service‑account...

Technology can be the multiplier that lets mission-driven organisations do more with less — but turning cloud, AI and security platforms into measurable impact for not-for-profits requires more than buying licenses; it needs strategy, risk discipline and the right delivery partner. Background...

Microsoft’s Copilot Studio can be weaponized to steal OAuth tokens — an attack chain Datadog Security Labs has dubbed “CoPhish” — by hosting malicious agents on Microsoft domains and using the agents’ built‑in sign‑in workflows to deliver convincing OAuth consent prompts that exfiltrate tokens...

Microsoft’s CVE label CVE-2025-59273 — described in some community postings as an Azure Event Grid system elevation-of-privilege issue — cannot be located in vendor advisories or major public vulnerability indexes at the time of this writing, and the available technical record points to an...

Microsoft’s warning that Azure Blob Storage is under active, escalating attack should be treated as more than a routine advisory — it’s a call to action for every cloud operator who depends on Blob for backups, AI training sets, analytics lakes, media hosting, or ephemeral developer workflows...

A new wave of deception against Microsoft cloud customers has pulled back the curtain on how easily visual trust can be weaponized: attackers have been able to register malicious Azure applications that look identical to Microsoft services such as Azure Portal and Microsoft Teams by hiding...

Microsoft’s latest security briefing makes a blunt point: Azure Blob Storage is no longer just a convenient object store — it is an active battleground, and defenders need to treat it as such now that adversaries are weaponizing cloud-native scale, features, and orchestration to probe, persist...

Windows 11 can turn a humble USB port into a Swiss Army knife for rescue, security, networking, and mobility—if you know where to look and how to prepare. What most people plug in for charging or file transfers can also be a life‑saving recovery drive, a portable Windows environment, a hardware...

The single sentence that should make every IT manager sit up: a misconfigured marketing mail-log database tied to Netcore Cloud Pvt. Ltd. sat publicly accessible and entirely unencrypted, exposing roughly 40 billion records (about 13.4 TB) of message metadata, transactional notices, and other...

Microsoft has published a high‑severity advisory for CVE‑2025‑55321: a cross‑site scripting (CWE‑79) flaw in Azure Monitor Log Analytics that can be abused by a privileged user to inject and render attacker‑controlled content in the Azure Monitor web UI, enabling spoofing of telemetry...

Microsoft corrected a potentially catastrophic identity flaw in Entra ID that could have allowed cross‑tenant impersonation of any user — including Global Administrators — by abusing undocumented internal tokens and a validation gap in a legacy API; the publicly tracked identifier for this issue...