All news with #azure tag

Microsoft Ignite 2025: Building with Agentic AI and Azure

🚀 Microsoft Ignite 2025 showcased a suite of Azure and AI updates aimed at accelerating production use of agentic systems. Anthropic's Claude models are now available in Microsoft Foundry alongside OpenAI GPTs, and Azure HorizonDB adds PostgreSQL compatibility with built-in vector indexing for RAG. New Azure Copilot agents automate migration, operations, and optimization, while refreshed hardware (Blackwell Ultra GPUs, Cobalt CPUs, Azure Boost DPU) targets scalable training and secure inference.

Tools and Strategies to Secure Model Context Protocol

🔒 Model Context Protocol (MCP) is increasingly used to connect AI agents with enterprise data sources, but real-world incidents at SaaS vendors have exposed practical weaknesses. The article describes what MCP security solutions should provide — discovery, runtime protection, strong authentication and comprehensive logging — and surveys offerings from hyperscalers, platform providers and startups. It stresses least-privilege and Zero Trust as core defenses.

Exposed GitHub PATs Enable Access to Cloud Secrets

🔒 Recent research from the Wiz Customer Incident Response Team shows attackers are using exposed GitHub Personal Access Tokens (PATs) to retrieve GitHub Action Secrets and pivot into cloud environments. A read-level PAT can leverage GitHub’s API code search to locate secret references like "${{ secrets.SECRET_NAME }}" — and because those search API calls are not logged, discovery is stealthy. Once obtained, cloud provider credentials let attackers spin up resources, exfiltrate data, install malware, or persist while often evading detection. Organizations should treat PATs as privileged credentials: enforce expiration and rotation, remove cloud secrets from workflows, apply least privilege, and improve monitoring and developer training.

Microsoft Expands U.S. Cloud Infrastructure and Regions

☁️ Microsoft is expanding its U.S. cloud footprint with a new East US 3 region in the Greater Atlanta Metro, scheduled to open in early 2027, and by adding capacity and Availability Zones across multiple existing U.S. regions. The East US 3 region is designed for resilience with Availability Zones, support for advanced AI workloads, and sustainability goals including LEED Gold and water conservation. Microsoft is also increasing zone redundancy in North Central US, West Central US, and the US Government Arizona region to boost capacity, compliance, and mission readiness.

Four Immediate Cybersecurity Priorities for Organizations

🔒 In this Deputy CISO blog, Damon Becknel, Microsoft’s VP and Deputy CISO for Regulated Industries, outlines four immediate priorities organizations should act on now. He emphasizes reinforcing essential cyber hygiene—accurate asset inventories, network segmentation, timely patching, MFA, EDR, and proxying email and web traffic—as the most effective means to reduce common intrusions. Becknel also urges adoption of modern standards like phishing-resistant MFA, secure DNS and DMARC, deployment of fingerprinting to track bad actors, and active cross-industry collaboration to share threat signals and raise the cost of attack.

WARP PANDA: Sophisticated China-Nexus Cloud Threats

🔍 CrowdStrike identified a China-nexus adversary, WARP PANDA, conducting covert intrusions against VMware vCenter and cloud infrastructure throughout 2025, deploying novel Golang implants and the backdoor BRICKSTORM. Operations emphasized stealth—log clearing, timestomping, unregistered VMs, and tunnelling via vCenter/ESXi/guest VMs—enabling long-term persistence and data staging from live VM snapshots. WARP PANDA also exfiltrated Microsoft 365 and SharePoint content, registered MFA devices, and abused cloud services for C2, prompting recommendations for tighter ESXi/vCenter controls and robust EDR on guests.

Azure expands local and hybrid options for AI and control

🔒 Microsoft is expanding Azure with on‑premises, edge, and hybrid options to deliver AI, resilience, and operational sovereignty. Azure Local provides integrated compute, storage, and networking on customer premises with GA features like Microsoft 365 Local and NVIDIA Blackwell GPUs, plus previews for disconnected operations and multi‑rack scale. Coupled with Azure IoT, Microsoft Fabric, and Azure Arc management enhancements, the updates enable near‑real‑time analytics, secure device identity, and a unified control plane for distributed estates. The goal is to accelerate AI and analytics while preserving data residency, continuity, and compliance for regulated or mission‑critical environments.

Ten Years of Microsoft and Red Hat: Open Innovation

🚀 Over the past decade Microsoft and Red Hat have built a strategic partnership centered on open source and enterprise cloud innovation. Together they delivered offerings such as Red Hat Enterprise Linux on Azure and Azure Red Hat OpenShift, combining managed services, integrated support, and Marketplace availability. At Ignite 2025 the collaboration brought GA of OpenShift Virtualization and Confidential Containers, enabling VMs and hardware-isolated containers to run side-by-side for modernization and secure workloads.

Azure Networking: Security, Resilience, and AI-scale

☁️ Azure announces networking enhancements focused on security, resiliency, and AI-scale infrastructure. The update highlights zone-redundant NAT Gateway V2, expanded throughput options including ExpressRoute 400G and higher-performance VPN gateways, and advanced security features such as DNS Security Policy with Threat Intel and JWT validation in Application Gateway. Improvements to AKS container networking, Private Link Direct Connect, and Virtual WAN forced tunneling aim to simplify secure hybrid and AI deployments.

Choosing the Best Cloud Security Posture Management Tools

🔒 Cloud security posture management (CSPM) combines threat intelligence, continuous detection, and automated remediation to find and fix cloud misconfigurations that can expose data. Customers—not cloud providers—are responsible for configuring and protecting workloads, so organizations must select CSPM that delivers multicloud visibility, integrated data security, and policy-driven automated remediation. Modern offerings increasingly fold CSPM into broader CNAPP and SSE suites from vendors such as Wiz, Palo Alto Networks, Tenable, and CrowdStrike, making coverage, integration, and operational model critical factors in vendor selection.

Shai-Hulud v2 Supply-Chain Campaign Hits Maven Central

⚠️ The second wave of the Shai-Hulud supply-chain attack has moved from npm into the Maven ecosystem after researchers found org.mvnpm:posthog-node:4.18.1 embedding the same setup_bun.js loader and bun_environment.js payload. The artifact was rebundled via an automated mvnpm process and was not published by PostHog; mirrored copies were purged from Maven Central on Nov 25, 2025. The campaign steals API keys, cloud credentials and npm/GitHub tokens by backdooring developer environments and injecting malicious GitHub workflows, affecting thousands of repositories.

Claude Opus 4.5 Brings Agentic AI to Microsoft Foundry

🚀 Claude Opus 4.5 is now available in public preview in Microsoft Foundry, aiming to shift models from assistants to agentic collaborators that execute multi-tool workflows and support complex engineering tasks. Anthropic and Microsoft highlight Opus 4.5’s strengthened coding, vision, and reasoning capabilities alongside improved safety and prompt-injection robustness. Foundry adds developer features like Programmatic Tool Calling, Tool Search, Effort Parameter (Beta), and Compaction Control to help teams build deterministic, long-running agents while keeping centralized governance and observability.

Cloudflare Outage Highlights Risks of Single-Vendor Reliance

🔍 An intermittent outage at Cloudflare on Nov. 18 briefly disrupted many major websites and forced some customers to pivot DNS and routing to preserve availability. Those provisional workarounds may have exposed origin infrastructure by bypassing edge protections such as WAFs and bot management. Security teams should review OWASP-related logs, emergency DNS changes, and any ad hoc services or devices introduced during the outage. The incident underscores single-vendor risk and the need for formal fallback plans.

Azure Ignite 2025: Azure's Agentic AI and Data Innovations

🚀 At Microsoft Ignite 2025, Azure introduced a coordinated set of agentic and data-first capabilities to accelerate enterprise AI adoption. Announcements include Microsoft Agent Factory (available), previews of Fabric IQ and Foundry IQ, expanded Foundry model choices (Anthropic, Cohere), and new database offerings like Azure HorizonDB and Azure DocumentDB. The updates emphasize unified data, model choice, and integrated security to simplify building, running, and governing AI agents at scale.

Microsoft Databases and Fabric: Unified AI Data Estate

🧠 Microsoft details a broad expansion of its database portfolio and deeper integration with Microsoft Fabric to simplify data architectures and accelerate AI. Key launches include general availability of SQL Server 2025, GA of Azure DocumentDB (MongoDB-compatible), the preview of Azure HorizonDB, and Fabric-hosted SaaS databases for SQL and Cosmos DB. OneLake mirroring, Fabric IQ semantic modeling, expanded agent capabilities, and partner integrations (SAP, Salesforce, Databricks, Snowflake, dbt) are positioned to deliver zero-ETL analytics and operational AI at scale.

Microsoft Foundry: Modular, Interoperable Secure Agent Stack

🔧 Microsoft today expanded Foundry, its platform for building production AI apps and agents, with new models, developer tools, and governance controls. Key updates include broader model access (Anthropic, Cohere, NVIDIA), a generally available model router, and public previews for Foundry IQ, Agent Service features (hosted agents, memory, multi-agent workflows), and the Foundry Control Plane. Foundry Tools and Foundry Local bring real-time connectors and edge inference, while Managed Instance on Azure App Service eases .NET cloud migrations.

Azure Introduces Copilot Agents and AI Infrastructure

🚀 At Microsoft Ignite 2025, Microsoft unveiled a suite of Azure infrastructure and AI operational innovations built for scale, reliability, and security. Azure Copilot introduces an agentic operations model with six specialized agents—migration, deployment, optimization, observability, resiliency, and troubleshooting—designed to automate routine cloud management while enforcing RBAC and policy. The release also highlights new AI datacenter architecture (Fairwater), deployment of NVIDIA GB300 GPUs at scale, and platform improvements like Azure Boost and AKS Automatic to accelerate performance and reduce operational overhead.

Azure Mitigates Record 15.72 Tbps DDoS from IoT Botnet

🛡️ Microsoft Azure said it blocked a record 15.72 Tbps DDoS attack tied to the Aisuru IoT botnet that surged to roughly 3.64 billion packets per second and targeted a single cloud endpoint in Australia. The attacker launched extremely high-rate UDP floods from over 500,000 source IPs with minimal spoofing and random source ports. Azure DDoS Protection automatically detected and mitigated the traffic without disrupting customer workloads, and Microsoft urged organizations to validate internet-facing protections ahead of peak periods, noting systemic IoT security gaps.

Aisuru Botnet Fires 15.72 Tbps DDoS at Microsoft Azure

⚠️ Microsoft reported that the Aisuru botnet launched a massive DDoS attack against a public Azure IP in Australia, peaking at 15.72 Tbps and nearly 3.64 billion packets per second. The traffic originated from over 500,000 IP addresses and consisted of extremely high-rate UDP floods with minimal source spoofing. Microsoft noted the bursts used random source ports, which aided traceback and provider enforcement. Azure's mitigations absorbed the attack without a reported widespread outage.

Analysis of UNC1549 TTPs Targeting Aerospace & Defense

🔍 This joint analysis from Google Threat Intelligence and Mandiant describes UNC1549 activity observed from late 2023 through 2025 against aerospace, aviation, and defense organizations. The group commonly exploited trusted third‑party relationships, VDI breakouts, and highly targeted spear phishing to gain access, then deployed custom backdoors and tunneling tools to maintain stealth. The report provides IOCs, YARA rules, and detection guidance for Azure and enterprise environments.