The Hacker News

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

July 17, 2025; CVSS 10.0 Entra ID bug via legacy Graph enabled cross-tenant impersonation risking tenant compromise.
InfoWorld

What’s next for Azure API Management?

It’s not only our code that needs managing. Modern agentic AI services use APIs to access data, and we need to be sure that access is tightly regulated so that critical and sensitive information doesn ...
CSOonline

Azure API Management flaws highlight server-side request forgery risks in API development

Microsoft recently patched three vulnerabilities in its Azure API Management service, two of which enabled server-side request forgery (SSRF) attacks that could have allowed hackers to access internal ...
CSOonline

Microsoft patches 3 vulnerabilities in Azure API Management

The vulnerabilities comprise url formatting bypasses and an unrestricted file upload functionality in the API Management developer portal, according to cybersecurity firm Ermetic. Microsoft has ...