09 Jul, 2026

Windows KB5064489 emergency update fixes Azure VM launch issues

Microsoft has released an emergency update to fix a bug that prevents Azure virtual machines from launching when the Trusted Launch setting is disabled and Virtualization-Based Security (VBS) is enabled. The bug impacted Windows Server 2025 and Windows 11 24H2 and was introduced during the July Patch Tuesday security updates. “This update addresses an issue that prevented […]

1 min read

Microsoft: Windows 11 might fail to start after installing KB5058405

Microsoft has confirmed that some Windows 11 systems might fail to start after installing the KB5058405 cumulative update released during this month’s Patch Tuesday. On affected devices, users see 0xc0000098 recovery errors in ACPI.sys, warning that the device has to be repaired because the operating system couldn’t be loaded. ACPI.sys is the Windows Advanced Configuration […]

2 mins read

Windows Server emergency update fixes Hyper-V VM freezes, restart issues

Microsoft has released an emergency update to address a known issue causing some Hyper-V virtual machines with Windows Server 2022 to freeze or restart unexpectedly. These problems mainly impact Azure confidential VMs, which are designed to protect data while being processed, not just when it’s transmitted or stored. Redmond has addressed this issue with the […]

2 mins read

Commvault says recent breach didn’t impact customer backup data

Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn’t gain access to customer backup data. Listed on NASDAQ since March 2006, Commvault is included in the S&P MidCap 400 Index and provides cyber resilience services to over 100,000 organizations. As the company first revealed on March 7, […]

2 mins read

Cookie-Bite attack PoC uses Chrome extension to steal session tokens

A proof-of-concept attack called “Cookie-Bite” uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams. The attack was devised by Varonis security researchers, who shared a proof-of-concept (PoC) method involving a malicious and a legitimate Chrome […]

3 mins read

Microsoft fixes Entra ID authentication issue caused by DNS change

Microsoft has fixed an issue that caused Entra ID DNS authentication failures when using the company’s Seamless SSO and Microsoft Entra Connect Sync. In an update to its Azure status page, Microsoft says these problems were caused by a recent DNS change that triggered DNS resolution failures for the autologon.microsoftazuread.sso.com domain when customers tried to […]

2 mins read

HubSpot phishing targets 20,000 Microsoft Azure accounts

A phishing campaign targeting automotive, chemical, and industrial manufacturing companies in Germany and the UK is abusing HubSpot to steal Microsoft Azure account credentials. The threat actors use HubSpot Free Form Builder links and DocuSign-mimicking PDFs to redirect victims to credential-harvesting pages. According to Palo Alto Networks’ Unit 42 team of researchers, the campaign, which […]

2 mins read

Microsoft warns Azure Virtual Desktop users of black screen issues

Microsoft warned customers they might experience up to 30 minutes of black screens when logging into Azure Virtual Desktop (AVD) after installing the KB5040525 Windows 10 July 2024 preview update. Additional symptoms include single sign-on (SSO) failures (on Office applications such as Outlook and Teams) blocking connections to backend services or preventing data syncs and […]

1 min read

AWS, Azure auth keys found in Android and iOS apps used by millions

Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. Exposing this type of credentials can easily lead to unauthorized access to storage buckets and databases with sensitive user data. Apart from […]

3 mins read

Microsoft creates fake Azure tenants to pull phishers into honeypots

Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them. With the collected data, Microsoft can map malicious infrastructure, gain a deeper understanding of sophisticated phishing operations, disrupt campaigns at scale, identify cybercriminals, and significantly slow down their activity. The […]

4 mins read