148 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
How Storm-2949 turned a compromised identity into a cloud-wide breach
In this article 1. Attack chain overview 1. Cloud compromise: Microsoft Entra ID and Microsoft 365 2. Initial access and persistence through targeted social engineering and SSPR abuse 3. Directory discovery and persistence 4. Microsoft 365 discovery and exfiltration 5. Cloud compromise: Microsoft...
GHSA-R5QW-5M8Q-6774 vulnerabilities
Vulnerabilities for packages: linux-azure, linux-aws, linux-vmware, linux-gcp, linux-qemu...
GHSA-H53C-6597-VMFW vulnerabilities
Vulnerabilities for packages: linux-azure, linux-aws, linux-vmware, linux-gcp, linux-qemu...
CVE-2026-43109 vulnerabilities
Vulnerabilities for packages: linux-azure, linux-aws, linux-vmware, linux-gcp, linux-qemu...
CVE-2026-33117
The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may...
Defending consumer web properties against modern DDoS attacks
If you own, create, or maintain online services and web portals, you’re probably aware of the dramatic upswing in DDoS attacks on your domains. AI has democratized tooling not just for us but for threat actors as well. DDoS in this era has extended from simple bandwidth saturation to sophisticate...
CVE-2026-35428
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-28453
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-35428
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-35428
CVE-2026-35428 affects Azure Cloud Shell and is described as improper neutralization of special elements used in a command (command injection) that allows an unauthorized attacker to perform spoofing over a network. The available references consistently attribute the issue to command injection wi...
CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability
...
CVE-2026-35428
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability
...
Azure Cloud Shell Spoofing Vulnerability
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
KLA91030 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azur...
Microsoft Azure Cloud Shell 命令注入漏洞
Microsoft Azure Cloud Shell is a browser-based cloud command-line environment developed by Microsoft Corporation. There is a command injection vulnerability in Microsoft Azure Cloud Shell, which stems from improper neutralization of special elements in commands. This vulnerability could allow...
PT-2026-38582
Name of the Vulnerable Software and Affected Versions Azure Cloud Shell affected versions not specified Description Improper neutralization of special elements used in a command allows an unauthorized attacker to perform command injection, which can enable network-based spoofing attacks...
CVE-2026-21515
Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network...
Making opportunistic cyberattacks harder by design
This is part of a series of blogs and interviews conducted with our Microsoft Deputy CISOs , in which we surface a number of mission-critical security recommendations and best practices that businesses can enact right now and derive real meaningful benefits from. In this article, Ilya Grebnov,...