
12 matches found

OSV
added 2026/06/01 12:0 a.m. | 5 views

MAL-2026-5142 Malicious code in @redhat-cloud-services/insights-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

AI score: 5.9
Exploits: 0 | References: 1

The Hacker News
added 2025/10/23 11:0 a.m. | 6 views

Why Organizations Are Abandoning Static Secrets for Managed Identities

As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link. For decades, organizations have relied on static secrets, such as API keys, passwords, and tokens, as unique...

AI score: 6.6
Exploits: 0

Microsoft KB
added 2025/02/11 12:0 a.m. | 12 views

Azure File Sync Agent v20 Release – February 2025

Azure File Sync Agent v20 Release – February 2025 This article describes the improvements and issues that are fixed in the Azure File Sync Agent v20 release that is dated February 2025. Additionally, this article contains installation instructions for this release. Improvements and issues that ar...

AI score: 6
Exploits: 0

Microsoft Secure
added 2023/10/03 4:30 p.m. | 17 views

Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement

Microsoft security researchers recently identified a campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance. This attack technique demonstrates an approach we've seen in other cloud services such as VMs and Kubernetes cluster, but not in SQL Serve...

AI score: 8.3
Exploits: 0

NVD
added 2022/12/21 8:15 p.m. | 10 views

CVE-2022-23551

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...

CVSS: 5.3 | EPSS: 0.00784
Exploits: 0 | References: 3

Prion
added 2022/12/21 8:15 p.m. | 15 views

Cross site request forgery (csrf)

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...

CVSS: 3.8 | AI score: 5.2 | EPSS: 0.00784
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2022/12/21 7:50 p.m. | 12 views

CVE-2022-23551 AAD Pod Identity obtaining token with backslash

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00784
Exploits: 0 | References: 3

OSV
added 2022/12/21 7:50 p.m. | 13 views

CVE-2022-23551 AAD Pod Identity obtaining token with backslash

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00784
Exploits: 0 | References: 5

CVE
added 2022/12/21 7:50 p.m. | 93 views

CVE-2022-23551

CVE-2022-23551 concerns AAD Pod Identity: the NMI component could bypass validation for token requests containing a backslash (example /metadata/identity\oauth2\token/), potentially enabling a pod to access identities it should not have. The bug arises from NMI’s regex-based validation and is add...

CVSS: 5.3 | AI score: 5.1 | EPSS: 0.00784
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/12/21 6:48 p.m. | 17 views

GHSA-P82Q-RXPM-HJPC AAD Pod Identity obtaining token with backslash

Impact What kind of vulnerability is it? Who is impacted? The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request example: /metadata/identity\oauth2\token/ would bypass the NMI validation and be...

CVSS: 5.3 | AI score: 5 | EPSS: 0.00784
Exploits: 0 | References: 5

Spring Engineering
added 2022/09/27 9:22 a.m. | 13 views

Delete Passwords: Passwordless Connections for Spring Boot Apps to Azure Services

Using username/password credentials to access one application from another presents a huge security risk for many reasons. Today, we are announcing the preview of passwordless connections for Java applications to Azure database and eventing services, letting you finally shift away from using...

AI score: 0.3
Exploits: 0

Malwarebytes
added 2022/03/09 10:19 a.m. | 14 views

Azure AutoWarp brings automation headaches

Azure is Microsoft’s cloud computing service providing a wide range of features for businesses worldwide. It’s particularly popular for its virtual machines and IaaS infrastructure as a service. One useful Azure feature is Automation, which has been around for some years now. Management tasks can...

AI score: 0.5
Exploits: 0