MCPwned: Azure MCP RCE vulnerability leads to cloud takeover
TL;DRToken Security researchers have discovered a Remote Code Execution vulnerability in the official Azure MCP server. The vulnerability enables an unauthenticated attacker with network access to the server to compromise it and establish a foothold in the production environment. Additionally, the attacker could steal the Azure credentials used by the ... Read More
Azure’s Role Roulette: How Over-Privileged Roles and API Vulnerabilities Expose Enterprise Networks
TL;DRToken Security researchers have discovered several Azure built-in roles that are misconfigured to be over-privileged - they grant more permissions than intended by Azure.In addition, we discovered another vulnerability in the Azure API that allows attackers to leak VPN keys.Combined, these two issues create a new attack chain that lets ... Read More
