145 matches found
How Storm-2949 turned a compromised identity into a cloud-wide breach
In this article 1. Attack chain overview 1. Cloud compromise: Microsoft Entra ID and Microsoft 365 2. Initial access and persistence through targeted social engineering and SSPR abuse 3. Directory discovery and persistence 4. Microsoft 365 discovery and exfiltration 5. Cloud compromise: Microsoft...
GHSA-R5QW-5M8Q-6774 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-gcp, linux-azure...
GHSA-H53C-6597-VMFW vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-gcp, linux-azure...
CVE-2026-43109 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-gcp, linux-azure...
CVE-2026-33117
The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may...
Defending consumer web properties against modern DDoS attacks
If you own, create, or maintain online services and web portals, you’re probably aware of the dramatic upswing in DDoS attacks on your domains. AI has democratized tooling not just for us but for threat actors as well. DDoS in this era has extended from simple bandwidth saturation to sophisticate...
CVE-2026-35428
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-28453
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-35428
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-35428
CVE-2026-35428 affects Azure Cloud Shell and is described as improper neutralization of special elements used in a command (command injection) that allows an unauthorized attacker to perform spoofing over a network. The available references consistently attribute the issue to command injection wi...
CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability
...
CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability
...
CVE-2026-35428
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
Azure Cloud Shell Spoofing Vulnerability
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
KLA91030 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azur...
Microsoft Azure Cloud Shell 命令注入漏洞
Microsoft Azure Cloud Shell is a browser-based cloud command-line environment developed by Microsoft Corporation. There is a command injection vulnerability in Microsoft Azure Cloud Shell, which stems from improper neutralization of special elements in commands. This vulnerability could allow...
PT-2026-38582
Name of the Vulnerable Software and Affected Versions Azure Cloud Shell affected versions not specified Description Improper neutralization of special elements used in a command allows an unauthorized attacker to perform command injection, which can enable network-based spoofing attacks...
CVE-2026-21515
Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network...
Making opportunistic cyberattacks harder by design
This is part of a series of blogs and interviews conducted with our Microsoft Deputy CISOs , in which we surface a number of mission-critical security recommendations and best practices that businesses can enact right now and derive real meaningful benefits from. In this article, Ilya Grebnov,...
MAL-2026-2831 Malicious code in azure-ai-agentserver-githubcopilot (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5302d683e413611c8a5f1bcfb18c19e34353a50c1d4450546b284197bab5a6f7 Package exploits dependency confusion. A beacon request is used to report usage back, but no additional information are exfiltrated. --- Category:...