cloud security

A new wave of deception against Microsoft cloud customers has pulled back the curtain on how easily visual trust can be weaponized: attackers have been able to register malicious Azure applications that look identical to Microsoft services such as Azure Portal and Microsoft Teams by hiding...

Microsoft’s latest security briefing makes a blunt point: Azure Blob Storage is no longer just a convenient object store — it is an active battleground, and defenders need to treat it as such now that adversaries are weaponizing cloud-native scale, features, and orchestration to probe, persist...

Windows 11 can turn a humble USB port into a Swiss Army knife for rescue, security, networking, and mobility—if you know where to look and how to prepare. What most people plug in for charging or file transfers can also be a life‑saving recovery drive, a portable Windows environment, a hardware...

The single sentence that should make every IT manager sit up: a misconfigured marketing mail-log database tied to Netcore Cloud Pvt. Ltd. sat publicly accessible and entirely unencrypted, exposing roughly 40 billion records (about 13.4 TB) of message metadata, transactional notices, and other...

Microsoft has published a high‑severity advisory for CVE‑2025‑55321: a cross‑site scripting (CWE‑79) flaw in Azure Monitor Log Analytics that can be abused by a privileged user to inject and render attacker‑controlled content in the Azure Monitor web UI, enabling spoofing of telemetry...

Microsoft corrected a potentially catastrophic identity flaw in Entra ID that could have allowed cross‑tenant impersonation of any user — including Global Administrators — by abusing undocumented internal tokens and a validation gap in a legacy API; the publicly tracked identifier for this issue...

Microsoft’s latest Secure Future Initiative (SFI) update moves beyond high-level commitments and delivers a practical, practitioner-focused set of patterns and practices aimed at turning Zero Trust theory into repeatable operational reality for networks, tenants, engineering systems, and...

Permiso’s new open-source tool P0LR Espresso is aimed squarely at the weakest link in cloud defense that most SOCs quietly tolerate: inconsistent, provider-specific log formats that slow investigations and obscure identity-based signals at the moment they matter most. The SiliconANGLE report...

CrowdStrike’s appointment of Amjad Hussain as Chief Resilience Officer signals a deliberate shift from reactive security posture to enterprise-wide reliability and operational engineering — a move that expands the company’s leadership playbook as it leans into AI-powered, cloud-native...

Microsoft’s decision to “cease and disable” a set of Azure cloud and AI subscriptions to an Israeli Ministry of Defense unit after a high‑profile investigation has forced a reckoning about what commercial cloud providers can — and must — do when sovereign customers appear to use powerful tools...

Microsoft’s abrupt decision to “cease and disable” a set of Azure cloud and Azure AI subscriptions used by a unit inside Israel’s Ministry of Defense marks a rare and consequential intervention by a major cloud provider — one that forces a broader reckoning about how hyperscale infrastructure...

Microsoft has disabled specific Azure cloud and Azure AI subscriptions used by a unit of Israel’s Ministry of Defense after an expanded internal review found evidence supporting elements of investigative reporting that alleged the platform was being used to ingest, store and analyze large...

Microsoft has disabled specific Azure cloud and AI subscriptions used by a unit of Israel’s Ministry of Defense after an internal review found elements of investigative reporting that suggested Microsoft technology was being used to ingest, store and analyze large volumes of intercepted...

A new Principled Technologies (PT) study — circulated as a press release and picked up by partner outlets — argues that adopting a single‑cloud approach for AI on Microsoft Azure can produce concrete benefits in performance, manageability, and cost predictability, while also leaving room for...

Microsoft’s latest updates to Azure Migrate push the service beyond simple lift-and-shift tooling into a coordinated, AI-assisted modernization platform that ties discovery, developer remediation, and secure migration together — promising faster migrations, deeper application awareness, and...

A newly disclosed flaw in Microsoft Entra ID — tracked as CVE-2025-55241 — exposed a fragile seam in cloud identity where undocumented internal tokens and a legacy API’s weak validation combined to create a near‑universal tenant takeover vector; Microsoft has patched the defect, but the incident...

Ottawa’s recent disclosure that the federal government has spent nearly $1.3 billion on cloud services from U.S. providers since 2021 — with more than a billion of that directed to Microsoft and portions of that budget underpinning what the Department of National Defence calls “mission‑critical”...

Principled Technologies’ recent press materials argue that adopting a single‑cloud approach for AI on Microsoft Azure can produce measurable gains in performance, manageability, and cost predictability — but those headline claims come with important caveats and require careful validation before...

Inforcer’s recent elevation into Microsoft’s MSP-focused Intune initiative marks a tangible step toward making Microsoft 365 more manageable, secure, and AI-ready for Managed Service Providers — and it comes at a moment when MSPs desperately need standardized, scale-ready tooling to extract...

Bonfy.AI’s latest update to its Adaptive Content Security platform lands squarely in the intersection of AI adoption and enterprise security, expanding native integrations across Microsoft 365 and positioning an AI-first approach to Data Loss Prevention that specifically targets risks introduced...