Microsoft Outage Hits Azure, 365, Xbox, Minecraft and More
A major Microsoft outage has disrupted Azure, Microsoft 365, Xbox, and Minecraft worldwide after a configuration failure, with services now gradually recovering.
Azure
Massive 4TB EY Database Backup Found Publicly Accessible on Azure
A critical security vulnerability was discovered when a complete 4-terabyte SQL Server backup belonging to Ernst & Young (EY), one of the world’s Big Four accounting firms, was found publicly accessible on Microsoft Azure. The exposure was id…
Microsoft Azure Experiences Global Outage Disrupting Cloud Services Worldwide
Microsoft Azure suffered a significant service interruption that left many customers unable to reach cloud resources. The incident began at roughly 07:40 UTC, when Azure Front Door, the platform’s native content delivery network (CDN), lost about 30 pe…
Microsoft Fixed Entra ID Vulnerability Allowing Global Admin Impersonation
Microsoft patched an Entra ID vulnerability that let attackers impersonate Global Admins across tenants, risking full Microsoft 365 and Azure takeover.
New Malware Abuses Azure Functions to Host Command and Control Infrastructure
A malicious ISO image named Servicenow-BNM-Verify.iso was uploaded to VirusTotal from Malaysia with almost no detections. The image contains four files—two openly visible and two hidden. The visible files include a Windows shortcut, servicenow-bnm-veri…
Azure Default API Connection Flaw Enables Full Cross-Tenant Compromise
A critical security vulnerability in Microsoft Azure’s API Connection architecture has been discovered that could allow attackers to completely compromise resources across different tenant environments, potentially exposing sensitive data stored …
Researchers Discover New Method to Identify Azure Arc in Enterprise Environments and Maintain Persistence
Security researchers have discovered novel ways to identify and take advantage of Microsoft Azure Arc in business settings, which is a major advancement in cybersecurity and may reveal weaknesses in this hybrid management system. Introduced in 2019, Az…
Azure Misconfiguration Lets Attackers Take Over Cloud Infrastructure
A recent security analysis has revealed how a chain of misconfigurations in Microsoft Azure can allow attackers to gain complete control over an organization’s cloud infrastructure, from initial access to full tenant takeover. The attack path, demonstr…
Over 50,000 Azure AD Users’ Access Tokens Exposed via Unauthenticated API Endpoint
CloudSEK’s BeVigil platform has uncovered a critical security vulnerability affecting an aviation giant, where an exposed JavaScript file containing an unauthenticated API endpoint led to unauthorized access to Microsoft Graph tokens with elevate…
Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments
A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID and Azure environments, where attackers can exploit lesser-known billing roles to escalate privileges within organizational tenants. This sophi…