Microsoft Power Apps appears to list all data types as public unless the default settings are changed. The data leak exposed several coronavirus tracing and vaccination portals, as well as at least one job applicant database that contained social security numbers.
Microsoft Azure Cosmos DB cloud databases have had their read-write keys exposed by a flaw that has been present since 2019, allowing an attacker to not just access the contents but also to change or delete them.
CISA issues urgent alert as threat actors actively exploit ProxyShell vulnerabilities on unpatched Microsoft Exchange servers to execute LockFile ransomware attacks.
Hackers could exploit ProxyToken authentication bypass vulnerability to steal victims’ emails and personally identifiable information from vulnerable Microsoft Exchange servers.
Microsoft Azure cloud container vulnerability allows an attacker to escape their container and compromise other user's containers on the same cloud services by executing malicious code.
Mirai Botnet Trojans Actively Exploiting Microsoft Azure Vulnerability and Locking Other Hackers Out
Security researchers discovered that Mirai Botnet trojans actively exploited the OMIGOD Azure vulnerability and then closed the OMI SSL port 5896 to prevent others from doing the same.
Microsoft reported that the Russian hackers behind the devastating SolarWinds attack are employing similar tactics to worm their way into tech supply chains, looking to establish long-term footholds for espionage purposes.
Lapsus$ hackers compromised Microsoft's Azure DevOps Server, exfiltrated and published source code for the company's web infrastructure, websites, and mobile apps.
Survey expressing anti-Microsoft sentiment was paid for in part and published by Google Cloud. It polled 2,600 currently employed residents of the US, 338 of these government employees.
Microsoft researchers say that Russian cyber attacks in March against a television broadcaster and a nuclear plant directly preceded military action directed at those targets.