cloud security

Microsoft president Brad Smith’s compact public line — “some of what was reported needs to be tested” — is the latest punctuation in a rapidly escalating crisis for Azure, Microsoft’s relationships with the Israeli security establishment, and the cloud industry’s role in wartime intelligence and...

Microsoft’s president, Brad Smith, told reporters from his office at the Redmond campus that the company will “investigate and get to the truth” after a Guardian-led investigation alleged that Israel’s Unit 8200 had used Microsoft Azure to store and process vast troves of intercepted Palestinian...

India’s national cybersecurity agency has issued a high‑severity warning about a broad set of vulnerabilities across Microsoft products — a multi‑component risk that demands immediate patching and tighter operational controls from both home users and enterprise IT teams. Background / Overview...

Microsoft’s cloud team has quietly re-architected the silicon under Azure to treat nearly every element of a server as a discrete security boundary — and it's shipping that architecture at scale across new servers this year and into 2025. What started as a collection of academic and hyperscaler...

Not long ago, running a Windows PC without a paid third‑party antivirus felt like leaving your front door open — today, that advice is overdue for a rethink because Windows’ built‑in protections are both better and far more capable than most people realize. Background Windows has a long...

Microsoft’s Copilot for Microsoft 365 was supposed to make AI agents safer to run at enterprise scale; instead, recent reports show a control-plane failure that left some agents discoverable and installable despite tenant-level policy locks—forcing administrators into time-consuming, per-agent...

Microsoft’s latest push to “harden Azure from silicon to systems” stitches together a clear thesis: security must be built into every layer of the cloud stack — starting in silicon and extending through firmware, host controllers, attestation, and immutable supply-chain evidence. The company’s...

Microsoft’s presentation at Hot Chips 2025 pulled back the curtain on a quiet but pivotal shift in how Azure defends the cloud: security is moving from centralized, cluster-level appliances into the silicon and server chassis themselves, with the Azure Integrated HSM and companion custom silicon...

Microsoft’s Copilot agent governance has slid into the spotlight after multiple, independent reports found that tenant-level policies intended to prevent user access to AI agents were not reliably enforced — a misconfiguration and control-plane gap that left some Copilot Agents discoverable or...

Zero-trust is not an add-on for AI pipelines — it must be baked into the fabric of how data, models and orchestration talk to one another. In a recent InfoWorld piece, the author laid out a metadata-driven, zero-trust MLOps reference architecture on Azure that combines Microsoft Entra ID, Azure...

Microsoft’s Copilot Agent ecosystem is facing a governance and enforcement crisis: multiple independent reports show that tenant-level policies intended to block agent availability are not being reliably enforced, Microsoft’s Copilot audit telemetry has contained reproducible blind spots, and...

Microsoft’s push to weave Copilot into the fabric of Microsoft 365 has hit a trust-defining snag: for months, under specific prompting conditions, the AI assistant’s access to source documents could be absent from Microsoft 365 audit logs, leaving security teams with empty entries where...

Microsoft’s push into artificial intelligence is no longer an experiment — it’s a full-scale platform strategy that is reshaping productivity, enterprise operations, and the very architecture of the cloud, with the Copilot family, Azure AI services, GitHub Copilot, and a suite of industry...

Microsoft quietly patched a vulnerability in Microsoft 365 Copilot that allowed the assistant to read and summarize enterprise files without producing the expected Purview audit entry — a gap that, if exploited, could let insiders or attackers extract sensitive data while leaving no trace in...

Zscaler’s claim that its cloud sees “over half a trillion transactions a day” has suddenly become more than a brag about scale — it’s the center of a fresh privacy controversy after external reports and researcher commentary interpreted CEO remarks to mean Zscaler is using customer logs and full...

Microsoft Security Response Center (MSRC) now lists CVE-2025-53763 as an improper access control vulnerability in Azure Databricks that can be exploited to achieve elevation of privilege over the network, a finding that demands urgent attention from cloud and data platform administrators...

In a volatile escalation of employee activism and public scrutiny, 18 people were arrested at Microsoft’s Redmond, Washington, campus on August 20, 2025, after demonstrators — including current and former Microsoft staff — splashed red paint on the company’s signage, set up an encampment on...

Microsoft’s recent quiet fix to an M365 Copilot logging gap has opened a new debate over cloud transparency, audit integrity, and how enterprise defenders should respond when a vendor patches a service-side flaw without issuing a public advisory. Security researchers say a trivial prompt...

A small but highly visible standoff at Microsoft’s Redmond campus this week crystallized a wider crisis for the company: employees confronting management over allegations that Microsoft’s cloud and AI technologies have been used by the Israeli military to store and process mass surveillance data...

A security researcher’s routine Copilot query revealed a startling blind spot in Microsoft’s logging: under certain prompts, Copilot could return file summaries without leaving the expected Purview audit entry — and, according to the researcher, Microsoft quietly rolled out a fix without issuing...