Introducing Wiz Cloud Cost: Powering Cost Management and Optimization with Context

Wiz unifies cloud and AI cost visibility to help teams eliminate waste and improve spend efficiency across their AWS, Azure, and GCP environments...

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per...

PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services AWS, Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. "Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP proxies, verified f...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

CVE-2026-33843 Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability

...

PT-2026-42841

Name of the Vulnerable Software and Affected Versions Microsoft Azure Active Directory B2C affected versions not specified Description An authentication bypass exists via an alternate path or channel, which allows an unauthorized attacker to elevate privileges over a network. Recommendations At t...

Microsoft Azure Virtual Network Gateway 输入验证错误漏洞

Microsoft Azure Virtual Network Gateway is a cloud gateway service provided by Microsoft that supports VPN and cross-network connectivity. There is an input validation vulnerability in Microsoft Azure Virtual Network Gateway, which stems from improper input validation. This vulnerability may allo...

KLA91064 PE vulnerability in Microsoft Azure

An elevation of privilege vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2026-42834 Exploitation Related products Microsoft-Windows Microsoft-Azure CVE list CVE-2026-42834 critical Solution Install necessary...

MAL-2026-3876 Malicious code in @antv/dw-random (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Microsoft Azure Portal Windows Admin Center 后置链接漏洞

Microsoft Azure Portal Windows Admin Center is a Windows server and hybrid cloud management platform integrated with the Azure Portal by Microsoft Corporation. There is a postback link vulnerability in Microsoft Azure Portal Windows Admin Center, which stems from improper link resolution before...

CLEANSTART-2026-GB83728 Security fixes for CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 1.14.0-r0, 1.14.0-r1, 1.14.0-r2

Multiple security vulnerabilities affect the velero-plugin-for-microsoft-azure-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-QJXF-6753-VC9P vulnerabilities

Vulnerabilities for packages: linux-vmware, linux-qemu, linux-azure, linux-aws, linux-gcp...

GHSA-4GX5-8RX4-VXMJ vulnerabilities

Vulnerabilities for packages: linux-vmware, linux-qemu, linux-azure, linux-aws, linux-gcp...

CVE-2026-43100 vulnerabilities

Vulnerabilities for packages: linux-vmware, linux-qemu, linux-azure, linux-aws, linux-gcp...

GHSA-R5QW-5M8Q-6774 vulnerabilities

Vulnerabilities for packages: linux-vmware, linux-qemu, linux-azure, linux-aws, linux-gcp...

GHSA-463M-22HH-CHVM vulnerabilities

Vulnerabilities for packages: linux-vmware, linux-qemu, linux-azure, linux-aws, linux-gcp...

GHSA-585P-9MG2-6VMM vulnerabilities

Vulnerabilities for packages: linux-vmware, linux-qemu, linux-azure, linux-aws, linux-gcp...