1010.cx

/

Category: Windows

Azure’s Default API Connection Vulnerability Enables Full Cross-Tenant Compromise

A critical vulnerability in Microsoft Azure’s API Connection infrastructure enabled attackers to compromise resources across different Azure tenants worldwide. The flaw, which earned Gulbrandsrud a $40,000 bounty and a Black Hat presentation slot, exploited Azure’s shared API Management (APIM) instance architecture to gain unauthorized access to Key Vaults, Azure SQL databases, and third-party services like […] The post Azure’s Default API Connection Vulnerability Enables Full Cross-Tenant Compromise appeared first on Cyber Security News.

8/22/2025

·

cyber security, Cyber Security News, vulnerability, Vulnerability News, Windows

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Windows Docker Desktop Vulnerability Allows Full Host Compromise

A critical vulnerability in Docker Desktop for Windows has been discovered that allows any container to achieve full host system compromise through a simple Server-Side Request Forgery (SSRF) attack. The flaw, designated CVE-2025-9074, was patched in D…

8/22/2025

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability, Windows

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Weaponized Python Package “termncolor” Uses Windows Run Key for Persistence

Cybersecurity experts discovered a complex supply chain attack that originated from the Python Package Index (PyPI) in a recent disclosure from Zscaler ThreatLabz. The package in question, termed “termncolor,” masquerades as a benign color …

8/18/2025

·

cyber security, Cyber Security News, Python, Windows

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

1010.cx

1010.cx

Category: Windows

Azure’s Default API Connection Vulnerability Enables Full Cross-Tenant Compromise

Windows Docker Desktop Vulnerability Allows Full Host Compromise

Weaponized Python Package “termncolor” Uses Windows Run Key for Persistence