Azure Archives

Data Breaches

Microsoft Purges Dormant Azure Tenants, Rotates Keys to Prevent Repeat Nation-State Hack

Microsoft security chief Charlie Bell says the SFI's 28 objectives are “near completion” and that 11 others have made “significant progress.”

Ryan NaraineApril 21, 2025

Cloud Security

What’s Behind Google’s $32 Billion Wiz Acquisition?

News analysis: Google positions itself to compete with Microsoft for enterprise security dollars. How does this deal affect startup ecosystem?

Ryan NaraineMarch 19, 2025

Cloud Security

Azure Kubernetes Services Vulnerability Exposed Sensitive Information

A vulnerability in Azure Kubernetes Services could have allowed attackers to escalate privileges and access sensitive information on the clusters.

Ionut ArghireAugust 21, 2024

Cloud Security

Microsoft Announces Mandatory MFA for Azure

Microsoft is implementing automatic enforcement of multi-factor authentication (MFA) for all Azure users starting October.

Ionut ArghireAugust 19, 2024

Cloud Security

Azure Health Bot Service Vulnerabilities Possibly Exposed Sensitive Data

Azure Health Bot Service vulnerabilities found by Tenable could have been exploited for lateral movement and may have allowed customer data exposure.

Eduard KovacsAugust 14, 2024

Cloud Security

Microsoft Says Azure Outage Caused by DDoS Attack Response

Microsoft’s response to a DDoS attack on Azure amplified the impact of the attack instead of mitigating it, causing outages.

Eduard KovacsJuly 31, 2024

Cloud Security

Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel

An active cloud account takeover campaign has impacted dozens of Azure environments and compromised hundreds of user accounts.

Kevin TownsendFebruary 12, 2024

Vulnerabilities

Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI

Microsoft provided guidance on an Azure CLI bug leading to the exposure of sensitive information through GitHub Actions logs.

Ionut ArghireNovember 15, 2023

Cloud Security

Azure HDInsight Flaws Allowed Data Access, Session Hijacking, Payload Delivery

Orca Security details eight XSS vulnerabilities in Azure HDInsight that could lead to information leaks, session hijacking, and payload delivery.

Ionut ArghireSeptember 14, 2023

Management & Strategy

Microsoft Criticized Over Handling of Critical Power Platform Vulnerability

A critical Microsoft Power Platform vulnerability exposed authentication data and other secrets, but the tech giant has been accused of handling it poorly.

Eduard KovacsAugust 4, 2023

Cloud Security

Microsoft Cloud Hack Exposed More Than Exchange, Outlook Emails

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

Ryan NaraineJuly 21, 2023

Cloud Security

Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps

Businesses using ‘Log in with Microsoft’ could be exposed to privilege escalation and full account takeover exploits.

Ryan NaraineJune 20, 2023

Cloud Security

Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse

Microsoft Azure shared key authorization can be exploited to access business data and achieve remote code execution.

Ionut ArghireApril 11, 2023

Cloud Security

Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data

An Azure Active Directory (AAD) misconfiguration leading to Bing.com compromise earned Wiz researchers a $40,000 bug bounty reward.

Ionut ArghireMarch 30, 2023

Application Security

CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Ionut ArghireJanuary 19, 2023