Stay informed on Azure security with the latest insights, trends, and updates. Your hub for all Azure-related information security news.
Search across headline titles and summaries.
Background for this topic.
Azure is Microsoft's cloud computing platform, which offers a wide range of services including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) solutions. The platform is designed to help businesses manage challenges and meet their organizational goals. It provides services such as analytics, computing, database, mobile, networking, storage, and web, allowing companies to move faster, achieve more, and save money.
In the context of information security, Azure encompasses a robust suite of security features aimed at ensuring the safety and integrity of data and applications hosted on the platform. Microsoft has implemented multiple layers of security controls and has designed its cloud infrastructure to be highly resilient against attacks and service disruptions. Azure's security offerings include advanced threat protection, identity and access management, network security, information protection, and secure data storage. Azure also complies with a comprehensive set of international and industry-specific compliance standards, reinforcing its commitment to securing customer data and applications. Recognizing the critical importance of security in cloud computing, Azure constantly updates its security practices to defend against evolving cyber threats, making it a perennial topic of interest in the field of information security.
Weekly headline count for the current query.
Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access
Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet-cores.