Microsoft provided guidance on an Azure CLI bug leading to the exposure of sensitive information through GitHub Actions logs.
The post Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI appeared first on SecurityWeek.
Orca Security details eight XSS vulnerabilities in Azure HDInsight that could lead to information leaks, session hijacking, and payload delivery.
The post Azure HDInsight Flaws Allowed Data Access, Session Hijacking, Payload Delivery appeared first on SecurityWeek.
A critical Microsoft Power Platform vulnerability exposed authentication data and other secrets, but the tech giant has been accused of handling it poorly.
The post Microsoft Criticized Over Handling of Critical Power Platform Vulnerability appeared first on SecurityWeek.
Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.
The post Microsoft Cloud Hack Exposed More than Exchange, Outlook Emails appeared first on SecurityWeek.
Businesses using ‘Log in with Microsoft’ could be exposed to privilege escalation and full account takeover exploits.
The post Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps appeared first on SecurityWeek.
Microsoft Azure shared key authorization can be exploited to access business data and achieve remote code execution.
The post Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse appeared first on SecurityWeek.
An Azure Active Directory (AAD) misconfiguration leading to Bing.com compromise earned Wiz researchers a $40,000 bug bounty reward.
The post Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data appeared first on SecurityWeek.
