EUVD-2026-29578

Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network...

GHSA-PRGG-RGFW-VR94 vulnerabilities

Vulnerabilities for packages: linux-aws, linux-qemu, linux-azure, linux-gcp, linux-vmware...

hays-london-azure-platform-2-poc

Hays London Azure Platform Engineer POC — AKS Operations & Pla...

Microsoft Azure DevOps 安全漏洞

Microsoft Azure DevOps is a team collaboration platform provided by the American company Microsoft. There is a security vulnerability in Microsoft Azure DevOps, which stems from insufficient credential protection. This vulnerability could allow unauthorized attackers to gain elevated privileges...

Microsoft Azure Arc Access Control Error Vulnerability

Microsoft Azure Arc is a storage system from Microsoft USA. that extends the Azure platform into your environment. Microsoft Azure Arc has an Access Control Error vulnerability that can be exploited by an attacker to elevate privileges...

CVE-2025-55697 Azure Local Elevation of Privilege Vulnerability

...

Microsoft raises the bar: A smarter way to measure AI for cybersecurity

ExCyTIn-Bench is Microsoft’s newest open-source benchmarking tool designed to evaluate how well AI systems perform real-world cybersecurity investigations.1 It helps business leaders assess language models by simulating realistic cyberthreat scenarios and providing clear, actionable insights into...

EUVD-2020-12768

Malware in sbrugna...

EUVD-2024-19276

Malicious code in bioql PyPI...

Azure IoT Platform Device SDK Remote Code Execution Vulnerability

...

dotnet: X509 Certificates - Validation Bypass across Azure

A security feature bypass vulnerability exists when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary untrusted certificate with malformed signatures, triggerin...

Vdisk locks are not clearing after shutting down a target from the PVS console running in Azure

PVS on Azure - When shutting down a target from the PVS console or the Azure portal vdisk locks are not releasing properly...

Vulnerabilities fixed in Microsoft Azure

Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to obtain elevated privileges obtain or to execute arbitrary code under the privileges of the user. The vulnerabilities marked CVE-2022-3602 and CVE-2022-3786 are located in OpenSSL and were previously...

Scientific Linux Security Update : cloud-init on SL7.x (x86_64) (20190318)

Security Fixes : - cloud-init: extra ssh keys added to authorizedkeys on the Azure platform CVE-2019-0816 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid122961; scriptversion"1.7";...

CentOS 7 : cloud-init (CESA-2019:0597)

An update for cloud-init is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

RHEL 7 : cloud-init (RHSA-2019:0597)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:0597 advisory. The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to...

Extraneous SSH Public Keys added to Authorized Keys file on Linux VM

Extraneous SSH Public Keys added to Authorized Keys file on Linux VM Summary In addition to letting users provide their own SSH keypairs for authentication, the Microsoft Azure platform relies on SSH keypairs to enable some features that are added to the virtual machine VM at deployment time. We...

PoC Exploit Compromises Microsoft Live Accounts via Subdomain Hijacking

A proof-of-concept PoC attack details how an attacker can gain access a victim’s Microsoft Live webmail session, without having the person’s credentials. It relies upon the hijack of a Microsoft-owned Live.com website subdomain. The PoC, developed by CyberInt, demonstrates what it characterizes a...