Security Boulevard

Your Most Dangerous User Is Not Human: How AI Agents and MCP Servers Broke the Internal API Walled Garden

Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data centers inside out, making the "internal API" security model obsolete.The "Confused Deputy" Risk: ...
Bleeping Computer

Microsoft overhauls security for publishing Edge extensions

Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. When first ...
Forbes

Emergency Microsoft Security Warning Confirmed — Act Now, CISA Says

Update, August 10, 2025: This story, originally published on August 7, has been updated with additional information following a demonstration of the shared service principal exploit at the Black Hat ...
Forbes

Critical 10/10 Microsoft Cloud Security Vulnerability Confirmed

Update, May 11, 2025: This story, originally published May 9, has been updated with more details on the move towards greater cloud Common Vulnerabilities and Exposures (CVE) transparency by both ...
Dark Reading

Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues

A critical Microsoft authentication vulnerability could have allowed a threat actor to compromise virtually every Entra ID tenant in the world. The elevation of privilege (EoP) vulnerability, tracked ...
Bleeping Computer

Microsoft Entra ID flaw allowed hijacking any company's tenant

A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. The fatal mix included undocumented tokens called “actor ...
Security Boulevard

Microsoft Copilot Security Has a Blind Spot — And It’s at Runtime

Understanding the New Security Imperative for Generative AI in the Enterprise Introduction: How Microsoft Copilot Is Transforming Enterprise Security Risk Microsoft Copilot is changing the way ...